Introduction


For many years, cars had analog indicators on the dashboard, including the infamous “idiot light” which, loosely translated, meant: “You ignored the oil pressure and water temperature gauges and now will have an expensive engine repair.” As microprocessors became common in automobile engine control systems, that glowing bulb was replaced by the dreaded “check engine” multi-indicator message, which largely meant: “You ignored the 27 little indicators of problems and now will have an expensive engine repair.” Great for the towing and repair industry; not so great for businesses and families with vehicles stuck on the side of the road.
Flash forward to now. After-action reports reveal that attackers exploited well-known vulnerabilities, causing millions of dollars' worth of damage to businesses and their customers. The companies' security programs had discovered those vulnerabilities and notified IT operations and corporate management, but the vulnerabilities had not been remediated or mitigated. The check engine light had been turned on, but no connection had been made to business criticality. Again, great for the incident response and security consulting services; bad for the businesses' bottom lines.
Moving to a risk-based vulnerability program has helped many businesses avoid the check engine light trap. This paper provides SANS advice on actionable steps that enable security managers to reduce risk and demonstrate business value by increasing the maturity and effectiveness of their vulnerability management processes and controls. The main focus is on the key questions to ask product and service providers in order to select the best approach for your organization.
