Image ML:3 is base camp, and getting here means you have reached a level that others have only dreamed about. At this level, the VM program is very good, and your visibility into threats to the environment is much better than it has ever been. Prioritizing Asset Assessment The biggest change at this level is the focus on the breadth...

Image Whilst working for a management consultancy, I learned a lot more about industrial control systems (ICS) than I ever imagined I would. In many cases, this wasn’t from working on them directly; it was from simply speaking to the technicians and reading documentation. Oftentimes, we have the false belief that our systems are safe...

Image As we begin our new decade of the 2020s, we can look back at the last 30 odd years and examine the collaboration between technology and our daily lives. If you think of your day-to-day, it’s easy to see how much our society relies on technology. Consider our smart devices such as mobile phones, watches, even homes. However, what...

Image The path is starting to get steeper now as we climb to ML2. It is time to start defining a vulnerability management program with objectives and goals. This program is expected to grow and evolve over time as the organization grows and evolves. Document the requirements Start by documenting what is in place now and what...

Image As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year. What Is Vulnerability Management? Vulnerability assessments are useful for detecting security issues...

Image Image The time at ML:0 can be eye-opening form many organizations. There are generally a lot of assets discovered that are new or had been forgotten about. Almost every organization discovers their own Methuselah; this is the system that has been around forever and performs some...

Image Just as you would map a hike or climb by creating waypoints you plan to hit each day, you must plan your vulnerability management process by creating similar goals. We call these goals Maturity Levels, from ML0 to ML5, as we defined them in the last blog. You have your asset inventory from an open-source tool, asset tracking...

Image The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze and evaluate cyber risks before they evolve into full-fledged security incidents. When it comes to cyber risk mitigation, the terms “patch management” and “vulnerability management” are used...

Image In a recent blog post for the State of Security, we asked security experts what they thought would make the biggest impact on the security of industrial control systems (ICS) in the next 5-10 years. They gave numerous answers, but perhaps the most frequent response was the ongoing IT-OT convergence in industrial organizations....

Image On 16 July 2019, UK’s National Cyber Security Centre (NCSC) released the second annual report of the Active Cyber Defence (ACD) program. The report seeks to show the effects that the program has on the security of the UK public sector and the wider UK cyber ecosystem. The Active Cyber Defence Program NCSC was set up in 2016 to...

Image As we noted in August 2018, industrial control system (ICS) security has become more complicated since the introduction of the web. Organizations are now bringing together the logical and physical resources of both information technology (IT) and operational technology (OT). This creates various ICS security challenges,...

Image As I discussed in the first blog in this series, the purpose of this series is to guide you on your journey up the Vulnerability Management Mountain (VMM). Like climbing a mountain, there is a lot of planning and work required, but when you get to the top, the view is amazing and well worth the journey. For the first phase, let...

Image If you are a security practitioner, then you may have noticed that much of the security industry exists because of vulnerabilities. Regardless of what job position you occupy, vulnerabilities are oftentimes the reason why you wake up every morning and ultimately engage infosec from within your cutting-edge working environment....

Image Vulnerability management (VM) is an essential process through which organizations can reduce risk in their environments. But myths and misconceptions surrounding VM abound. For instance, organizations commonly approach vulnerability management in the same way as they do patch management. Others are guilty of believing that all...

Image On the surface, vulnerability management (VM) is nearly ubiquitous. If you ask someone whether their organization has VM, the vast majority will reply in the affirmative. In fact, Tripwire asked that very question in a recent survey on the topic. Eighty-eight percent of respondents said yes. Beneath that surface of ‘yes’...

Image The purpose of this series of blogs is to guide you on your journey up the Vulnerability Management Mountain (VMM). Like climbing a mountain, there is a lot of planning and work required, but when you get to the top, the view is amazing and well worth the journey. Your progress will depend on your funding and priorities, but...

Image When I was younger, I played a variety of team sports and enjoyed competing against opponents with my teammates. Winning was always a matter of applying sound tactics and strategy, attacking and defending well and using a blend of skill, talent and luck. Now that I’m older, I watch more than I play, and I’m able to appreciate...

Image The current security state of industrial control systems (ICS) is a perplexing one. On the one hand, Kaspersky Lab found in a recent report that a majority of organizations (75 percent) regard ICS security as a major priority. On the other hand, organizations aren’t implementing the proper safeguards to secure their industrial...