Lamar Bailey, nCircle's director of security research and development, walks you through how deal yourself a winning hand with your security products.
A YouTube video of Lamar's presentation is available through the link below:
http://youtu.be/ogTBB7w1XyM
EWEEK ARTICLCE The report found that the number of vulnerabilities grew to 5,225 in 2012, an increase of 26 percent year-over-year, as counted by their common vulnerabilities and exposures (CVE) identifiers.
Going back to day 1 here is a sampling of our coverage for popular products.
Areas of concerned that are not always covered
Examples of Rules
Examples of Rules
The date when a vulnerability was discovered plays a large role in the nCircle Scoring Algorithm, which bases score calculation on the idea that the longer a vulnerability exists, the more likely it is to be exploited. This leads to a disparity in scoring when date isn’t a concern and with newer vulnerabilities that have just been discovered. The risk component of the nCircle Scoring Algorithm represents the vector of the attack (remote or local) and the outcome of the attack (Denial of Service (availability), User Access (access), Privileged Access (privileged)). These configuration options allow you to make changes to the importance of the 6 vulnerability risk levels. VERT has identified seven classes of products that customers may wish to label as remote instead of local on their network. When these modifications are applied, the risk is changed from ‘Local N’ to ‘Remote N’ for all vulnerabilities in that class. The classes are:Web Browsers (SCORE_BROWSERS)Java (SCORE_JAVA)Web Technologies [Flash, Shockwave] (SCORE_WEB_TECHNOLOGY)PDF Readers [Adobe, Foxit] (SCORE_PDF_READERS)Media Players (SCORE_MEDIA_PLAYERS)Mail Clients (SCORE_MAIL_CLIENTS)Office Products (SCORE_OFFICE_PRODUCTS)