So you have a vulnerability management program. Great. Excellent. But are you able to let the management team know if it is being effective or not? In this final Vulnerability Management series webcast, join Jonathan (MGT516 co-author and SANS certified Instructor) as he discusses how to show your program is being effective through metrics and measures. He will discuss metrics that a new program can start creating and generating on day 1 as we...

Do you ever run into problems with your vulnerability management program that you wished you had at your fingertips just one more little piece of information? To help conduct some prioritization, or to know who the business owner is, or to inform people this was an end of life system… All valuable and great to have readily available. But alas, we often are missing information, or it is not easy to access. Join Jonathan (MGT516 co-author...

It’s well-documented and often discussed that diverse teams lead to better, more profitable outcomes, and the last couple years have seen a surge in long-overdue dialogue about the importance of equity, inclusion, and belonging. Much of this dialogue has focused on gender equity and including/amplifying voices of the BIPOC* community in cybersecurity. With this Summit, we turn our attention to the unique strengths, experiences, and chall...

In addition to highlighting trends in vulnerability management, this year's survey digs a little deeper into how cloud and the expanding remote workforce affected the ways in which organizations handle reporting and remediation. On this webcast, sponsor representatives will join the survey author for an analysis of the survey, and share their thoughts on emerging vulnerability management trends. Click the Get Registered button to sign up for t...

This year's Vulnerability Management Survey highlights some of the trends in vulnerability management based on the data we have gathered over the past two years. This webcast explores the results of our 2021 Vulnerability Management Survey, which examines key issues such as: How organizations are discovering different types of vulnerabilities Who is responsible for the different processes related to vulnerability management How organizations a...

This 2021 SANS report provided insights for a business-relevant definition of visibility as well as its application to essential security controls and processes--such as hygiene basics and asset inventory/management--that underlie successful security programs. In this webcast, authors--SANS Research Director Barbara Filkins and SANS Director of Emerging Security Trends John Pescatore--and sponsor representatives will provide action recommendat...

There is an internet security truism that says, "The internet is actually pretty secure--it is all those vulnerable endpoints that are the problems." Securing user devices is a complex problem, but it is not an unsolvable problem. This webcast explores our 2021 report, "Making Revolutionary Gains in Security on Your Endpoints," which details a decision framework that security managers can use to map their existing IT management and security op...

Business damages from ransomware and phishing attacks have made it clear that sensitive business information and application must be better protected. Increased enforcement of national- and state-level privacy laws, as well as the need to secure data across multiple cloud environments, has highlighted the need for reliable and transparent data encryption services to protect information while enabling business access. During this SANS WhatWorks...

In Part 1 of this series, MGT516 course author Jonathan Risto discussed what makes a good metric and provided 5 metrics to start measuring within your vulnerability management program, regardless of your program maturity. In this second part of the Vulnerability Management series, MGT516 course author Jonathan Risto will discuss the following metrics: Mean Time to Resolve Average Exposure Window Vulnerability Reopen Rate and why these advanced...

Log data is critical for understanding how systems are operating and for monitoring malicious activity with the IT environment. This is particularly true for traditional systems as well as modern systems in the midst of a digital transformation that lack an audit trail, such as multi-cloud and DevOps environments, microservices, and containers. The technologies and trends organizations embrace as they accelerate their transformation all increa...