Vulnerability Management Training 3

1
SECURIUM FOX offers cyber security consultancy
services with its expert and experienced team. We
are providing consulting services to prevent
cyber attacks, data leak and to ensure that our
customers are ready and safe against cyber
attacks, with more than 15 years of
experience.In addition to pentests and
consulting services, SECURIUM FOX prepares its
customers and field enthusiasts for real life
scenarios by providing trainings in the lab
environment which was prepared by themselves,
with its young, dynamic and constantly following
team.Everytime that hackers are in our lives,
there are always risks that we can face with a
cyber attack. Over the years cyber security has
become a critical precaution for all
organizations and companies after the effects and
number of attacks. SECURIUM FOX tests the weak
points of customers for possible attacks and
provides consulting services to eliminate these
weak points.SECURIUM FOX team also offers
support for the development of our country in
this field by supporting free events being
organized as a volunteer by the Octosec team.
ABOUT US
2

• VULNERABILITY MANAGEMENT

3
HOW THREAT INTELLIGENCE PRIORITISES RISK IN
VULNERABILITY MANAGEMENT

• Much of the daily work in cybersecurity lends
  itself to analogies with fighting fires
  vulnerability management, perhaps the most so.
  Just like with firefighting, vulnerability
  management is almost always a race against the
  clock. They both concern problem solving within
  living systems, meaning that the elements of the
  system are not static, but interconnected and
  constantly changing. Fire spreads rapidly and
  sometimes unpredictably, a small spark turning
  into a wildfire spanning thousands of miles. In
  the same way, a routine vulnerability in a
  commonly used program can be exploited to sudden
  and devastating effect, and a solution that
  worked just yesterday may not adequately address
  the concerns of today.

4

• Threat intelligence provides the context and
  situational awareness cybersecurity professionals
  working in vulnerability management need to
  prioritise their work. Getting the right context
  is essential when so many new vulnerabilities are
  uncovered daily far more than any one team has
  the resources to completely patch. It allows
  vulnerability management teams to take a
  risk-based approach instead of just dealing with
  problems as they come.
• Its, again, a way of problem solving that
  firefighters have to rely on when fighting the
  biggest blazes. Heres a few techniques
  firefighters use when battling wildfires, mapped
  to similar techniques used in vulnerability
  management

5
Threat Intelligence for Vulnerability Management

• Vulnerability management is not glamorous, but it
  is one of the very few ways you can be proactive
  in securing your organisation. Its importance as
  a function cannot be overstated. The key to
  success in vulnerability management is to shift
  the thinking of your security teams from trying
  to patch everything to making risk-based
  decisions. That is critical because the vast
  ocean of vulnerabilities disclosed each year
  stretches to the breaking point the teams
  responsible for identifying vulnerable assets and
  deploying patches. And the key to making good,
  risk-based decisions is taking advantage of more
  sources of threat intelligence.

6
The Vulnerability Problem by the Numbers

• According to research from the analyst firm
  Gartner, Inc., about 8,000 vulnerabilities a year
  were disclosed over the past decade. The number
  rose only slightly from year to year, and only
  about one in eight were actually exploited.
  However, during the same period, the amount of
  new software coming into use grew immensely, and
  the number of threats has increased
  exponentially. In other words, although the
  number of breaches and threats has increased over
  the past 10 years, only a small percentage were
  based on new vulnerabilities. As Gartner put it,
  More threats are leveraging the same small set
  of vulnerabilities.

7
Zero Day Does Not Mean Top Priority

• Zero-day threats regularly draw an outsize amount
  of attention. However, the vast majority of new
  threats labeled as zero day are actually
  variations on a theme, exploiting the same old
  vulnerabilities in slightly different ways.
  Further, the data shows that the number of
  vulnerabilities actually exploited on day zero
  make up only about 0.4 percent of all
  vulnerabilities exploited during the last decade.
• The implication is that the most effective
  approach to vulnerability management is not to
  focus on zero-day threats, but rather to identify
  and patch the vulnerabilities specific to the
  software your organization uses.

8
Assess Risk Based on Exploitability

• Lets use a metaphor if patching vulnerabilities
  to keep your network safe is like getting
  vaccines to protect yourself from disease, then
  you need to decide which vaccinations are
  priorities and which are unnecessary. You may
  need a flu shot every season to stay healthy, but
  theres no need to stay vaccinated against yellow
  fever or malaria unless you will be exposed to
  them. Thats why you have to do your research
  one of the greatest values of a threat
  intelligence solution is that it identifies the
  specific vulnerabilities that represent risk to
  your organisation and gives you visibility into
  their likelihood of exploitation.

9
Severity Ratings Can Be Misleading

• A common mistake in managing vulnerabilities is
  to focus on ranking threats in terms of severity.
  Ranking and classification systems like Common
  Vulnerabilities and Exposures (CVE) naming and
  Common Vulnerability Scoring Systems (CVSSs)
  dont take into account whether threat actors are
  actually exploiting vulnerabilities right now in
  your industry or locations. Relying solely on
  vulnerability severity is like getting a vaccine
  for the bubonic plague before a flu shot because
  the plague killed more people at some point in
  history.

10
You can always contact with SECURIUM FOX. You can
contact us through our email addresses or by
using the contact form on the side.

• INFO
• 3rd Floor,Lohia Towers,
• Nirmala Convent Rd,
• Gurunanak Nagar,Patamata,Vijyawada,
• Andhra Pradesh -520010
• 9652038194
• 08666678997
• info_at_securiumfoxtechnologies.com

11

• info_at_securiumfoxtechnologies.com
• Andhra Pradesh Office
• 91 8666678997,91 91652038194
• 3rd Floor,Lohia Towers,
• Nirmala Convent Rd,Gurunanak Nagar,Patamata,Vijaya
  wada,
• info_at_securiumfoxtechnologies.com
• UK Office
• 44 2030263164
• Velevate, Kemp House, 152 - 160,City Road,EC1V
  2NX
• London
• info_at_securiumfoxtechnologies.com
• Tamil Nadu Office
• 91 9566884661
• Kailash Nagar, Nagar, Tiruchirappalli, Tamil Nadu
  620019
• info_at_securiumfoxtechnologies.com

• Noida Office
• 91 (120) 4291672, 91 9319918771
• A-25, Block A,
• Second Floor,Sector - 3,
• Noida, India
• info_at_securiumfoxtechnologies.com
• USA Office
• 1 (315)933-3016
• 33 West,17th Street,
• New York,
• NY-10011, USA
• info_at_securiumfoxtechnologies.com
• Dubai Office
• 971 545391952
• Al Ansari Exchange, Ansar Gallery - Karama
  Branch, Hamsah-A Building - 3 A St - Dubai -
  United Arab Emirates