Last Tuesday, November 27, I spoke at “Business Asks for Cyber Attacks” meetup organized by PRYTEK investment platform. The event was held at the PRYTEK Moscow office in a beautiful XIX century building of a former textile manufactory.
The goal of the meetup was to talk about new approaches in Vulnerability Analysis and how they can reduce the Information Security costs for organizations.
There were two presentations:
- The first one was by Doron Sivan, Cronus CEO. He talked about his company’s product.
- The second was mine. I criticized traditional vendors of vulnerability scanners, talked about things that work in companies, and things that don’t work, and what you should pay attention to when choosing a Vulnerability Management tool.
For the most part this was my report from the last ISACA VM Meetup. The only difference was in the conclusions, since the topic of this event and the audience were different.
I stressed that the Attack Simulation tools, like Cronus, that analyze vulnerabilities and network connectivity of hosts can be very helpful. They allow you to assess the criticality of each vulnerability better and help to justify the need in prompt patching for IT Team (see “Psychological Aspects of Vulnerability Remediation“).
Continue reading