Vulnerability Scans: Only Part of the Equation

Book a Call

Vulnerability Scans: Only Part of the Equation

July 3, 2024

There are two primary ways we see companies manage vulnerabilities… one of them significantly riskier than the other.

Reactive strategies rely on a problem to arise before taking action. This makes reactive the riskier option of the two, hopefully for obvious reasons. Using a reactive strategy is like waiting for an electric bill to tell you that a door has been left open. By the time you get the memo, the damage has already been done.

On the other hand, proactive strategies actively seek potential weaknesses and do everything possible to run a secure program before a problem occurs. Closed door. Locks engaged. And maybe an alarm system to keep bad actors out.

We work with organizations who work very hard to be less vulnerable. In fact, they spend a lot of time and money trying to protect themselves from all kinds of threats.

So, how do you know which strategy you are currently engaging? And how do you make the shift to the less risky one?

Inventory: Establish a comprehensive, up-to-date list of all your software, its components, version numbers, and other key data points. Create processes and assign someone the responsibility of maintaining this list and hold them accountable to its accuracy. It’s hard to maintain security if these systems are not showing up on anyone’s radar.
Patching: Ensure your processes include patching and keeping all software up to date on a cadence separate from vulnerability scanning. Set up a regular patching schedule and stick to it. Patching isn’t just about remediating vulnerabilities; it’s about fixing bugs and unlocking new features in addition to critical updates.

Support: Keep an active relationship with your software representatives including established communication mechanisms to ensure you receive notifications of the latest updates. Clear communication with the source will help you ensure these valuable updates are known and made.

Ensuring these activities are part of your process will strengthen your cyber program and also help you sleep a little easier at night knowing you’re using best practices to run foundational parts of your security.

Let’s lock those doors before the burglars come knocking, shall we?

CMMC 101: What you need to know from framework to final rule

CMMC, Compliance, GRC, Top Posts

With a staggering loss of $3.5 billion in intellectual property through its contractors a year, the Department of Defense (DoD) needed a way to shore up cybersecurity in the Defense Industrial Base (DIB). From this need, the Cybersecurity Maturity Model Certification (CMMC) program was created with an initial release in 2020. The entire purpose […]

Security Awareness Training – Ransomware

Security Awareness

One Click Is All It Takes A single click on a phishing link. A password change request that didn’t feel quite right. A forgotten remote desktop login. That’s all it takes for ransomware to slip in and start locking down systems—and businesses. Why Ransomware Is Still a Threat Despite increased awareness, ransomware […]

Why Cybersecurity is as much Art as Science

Podcast

In this kickoff episode of The Art of Cybersecurity, host Cheri Hotman shares why this podcast exists and what listeners can expect. Cyber isn’t just science or technology — it’s art. It’s messy, constrained, people-driven, and ultimately about mitigating risk to protect people and data. Cheri cuts through the noise of “easy button” tools, audit-passing […]