Two interesting observations:
Attackers were present on a victim’s network for an average of 146 days before being discovered. (FireEye)
At Threat Stack, we have observed that a majority of the market is moving toward automated security vulnerability and configuration scanning.
You would be hard-pressed to find a compliance framework that does not require you to have a system to detect and manage vulnerabilities. Vulnerabilities are as old as technology itself, so to call yourself compliant, you first need to demonstrate that you have a sound vulnerability management program in place.
Vulnerability management systems identify common vulnerabilities and exposures (also known as CVEs), alerting you when a server or package is at risk so you can patch it immediately.
Simply by having a vulnerability management program in place, you can often satisfy many other major compliance requirements. In this post, we’ll explain how vulnerability management helps you to become compliant.