What is Shadow IT? It’s something every IT professional comes into contact with at some point and wishes they hadn’t. Here’s what Shadow IT is, why it’s bad, and how to avoid it.
Chromebooks are a popular solution for people who primarily use computers to go online, for students, and for security professionals. They are inexpensive, reliable, and secure. But since security is a big motivator behind Chromebooks, that raises a question: Do Chromebooks need antivirus protection?
A frequent question people ask me, as a security professional, is why do hackers hack? The answer used to vary, but today they typically hack for the same reason I do. To make money. The difference is who pays them. Well, and that little detail called permission, of course.
Vulnerability scanning is an essential part of any information security program. Unfortunately, it’s also pretty widely misunderstood. In that light, let’s take a look at what a vulnerability scanner is, and how a vulnerability scanner works.
What is a vulnerability management program? Well, it’s not a computer program, although you will need some software to run a successful vulnerability management program. But vulnerability management is a discipline. A vulnerability management program is an ongoing, continuous operation to ensure the discipline is working in your organization.
That may raise as many questions as it answers, so let’s dig in.
I probably get more questions about Qualys asset tracking than I get about anything else with regard to Qualys. Many people misunderstand Qualys asset tracking. It’s really easy to mess it up, and things can go horribly wrong if you do.
In vulnerability scanning, there’s a big difference between an authenticated scan and an unauthenticated one. Here’s why it matters, and why you should almost always go for an authenticated scan. Using authenticated scans is a vulnerability management best practice.
Lots of people misunderstand this. To quote myself about fifteen years ago: “Let me get this straight. I give you an admin account, and then you tell me you were able to log in?” It’s about logging in and assessing what’s wrong, not telling you we got in. Regardless of the tool you use, authenticated scans let the vulnerability scanner do its job better.
As a vulnerability management professional, I talk about vulnerability management best practices a lot. It comes up in sales presentations. I talk about it when my phone rings and a former colleague just needs to talk. But based on my experience, not many companies do vulnerability management well. If you’re not happy with your vulnerability management program, here are some best practices to help you get the results you want.
Tenable is one of the biggest names in vulnerability management, partly due to its sponsorship of several popular security podcasts. But due diligence requires taking a look at multiple solutions. So here’s an overview of Tenable competitors and my notes on them, having used each of them in the field.
As a vulnerability analyst by trade, I spend a lot of time using vulnerability scanners. Qualys and Tenable are the two market leaders in this space. I’ve used both in the field. Let’s take a look at Qualys vs Nessus so you can decide which of the two is right for you.
A vulnerability scanner is an essential part of an enterprise vulnerability management program. Having the right scanner is essential because a vulnerability management program lives or dies by having data that is accurate and actionable.