To Patch or Not to Patch? 4 Steps to Effective Vulnerability Management with Security Intelligence

At the 2015 Qualys Security Conference (QSC) in Las Vegas, Jayson Jean, director of iDefense Vulnerability Intelligence, and Research Engineer Rohit Mothe, discussed the ways in which Verisign iDefense Security Intelligence Services have provided key context around public and zero-day vulnerabilities, and by association, helped customers make better-informed decisions around threat mitigation. A core concept discussed in their talk is that threat mitigation often starts with recognizing and prioritizing mitigation of software vulnerabilities.

Managing risk can require difficult decisions about what to patch or mitigate now, and what will have to wait. This is due to the fact that most businesses operate under a “resource-constrained” model and don’t have the staff or funds to patch everything immediately. But making these decisions accurately and quickly requires the context that security intelligence provides.

If you’re a business looking to supplement your existing vulnerability management activities with reliable, actionable security intelligence in context, here are four steps you can take:

4 Steps to Effective Vulnerability Managemen

To learn more about industry best practices in vulnerability research and intelligence, download our white paper titled, To Patch or Not to Patch: Security Intelligence Best Practices for Vulnerability Management. In this brief report, Verisign outlines how organizations like yours can use security intelligence to make better decisions that can lead to material time and cost savings, and a more secure computing environment.

Josh Ray

Josh Ray

As Vice President, Verisign iDefense Security Intelligence Services, Josh Ray is responsible for developing operational plans for the organization, overseeing the fulfillment of client commitments and providing the strategic direction for the iDefense product line. He has more than 12 years of combined commercial, government and military experience in the field of Cyber Intelligence, Threat Operations, and Information Security.

Leave a Reply