In this episode, Jacob speaks with cybersecurity researcher Patrick Garrity!
Patrick Garrity is a seasoned security researcher at VulnCheck, where he focuses on vulnerabilities, vulnerability exploitation, and threat actors.
In this episode, they discuss the importance of integrating threat intelligence into vulnerability management using the Exploit Prediction Scoring System (EPSS), the CISA Known Exploited Vulnerabilities (KEV) Catalog, and the changes in CVSS 4.0!
Here are some highlights from the episode:
- How Exploit Prediction Scoring System (EPSS) can predict exploitation
- How vulnerability scanners integrate EPSS
- CISA's Known Exploited Vulnerabilities (KEV) Catalog
- The national security implications of vulnerability management
-----------
Thanks to our sponsor Keeper Security!
Need a FedRAMP authorized Password Manager and secure File Sharing solution?
See how Keeper can help you comply with CMMC: www.keepersecurity.com/cmmc/?...
Start a free 14-day trial of Keeper: grcacademy.io/ref/keeper/b2b-...
See the CMMC controls that Keeper meets: grcacademy.io/ref/keeper/cmmc...
-----------
Governance, Risk, and Compliance (GRC) Academy is a training and research platform!
Online GRC Training: grcacademy.io/courses/?...
00:00 Beginning
00:28 Patrick's background
01:53 The evolution of vulnerability management
03:59 Vulnerability scanners and their challenges
05:38 CVSS's intended use and common criticisms
11:17 How Exploit Prediction Scoring System (EPSS) can predict exploitation
14:44 How vulnerability scanners integrate EPSS
15:59 CISA's Known Exploited Vulnerabilities (KEV) Catalog
20:34 CISA's KEV automation
21:58 National security implications of vulnerability management
25:19 Conclusion
Why Threat Intel is Essential for Vulnerability Management with Patrick Garrity