Vulnerability management and SIM

by Anton Chuvakin

In this minor bit of self-promotion :-), I wanted to invite my blog readers who are in NYC to attend my presentation at ISSA this Thursday, Nov 10. To disclose, this presentation will not be entirely vendor-neutral, but it will be fun anyway (if you are into that sort of thing :-))

Here is what I will speak about: "While fighting threats such as attackers from the Internet, internal network abusers and various forms of malware occupies a large part of the daily lives of security practitioners, many organizations are well underway in looking at another critical part of the risk formula: vulnerability. Such activity is one step an organization can take to be more proactive in its security process. Thus, vulnerability scanners have become a staple at many organizations. However, many of those suffer from the same disease that hit early intrusion detection systems (IDS): they are just too noisy. In addition, they don't tell you what you should actually do about all those reports and vulnerability notices, just as most intrusion detection systems will not tell you whether you should care about a particular alert. In addition, many of the vulnerabilities cannot be fixed by simply updating to the latest affected product version, but require tweaking and the configuration of various system parameters. Thus, the vulnerability management space was born out of a need to intelligently prioritize and eventually fix the discovered vulnerabilities. This talk will look at current vulnerability management challenges and show how your existing SIM (security information management) solution can help deal with these challenges. People sometimes view SIMs as solutions to manage IDS and firewall log data, but in reality, market-leading SIMs can do a lot more."