Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Patrick Garrity, Security Researcher at Nucleus Security, interviews Aleksandr Yompolski, CEO of Security Scorecard, about the evolving cybersecurity landscape and the role of security ratings and risk assessments. They discuss the challenges organizations face in defending against exploitation attacks, the need for collaboration and communication in the industry, and the importance of balancing security and business agility.

When you’re managing cybersecurity at the enterprise level, it’s crucial to have a full breadth of understanding of the ins-and-outs of your enterprise vulnerability management program — including all of the challenges that come along with it. Only then can you begin to effectively prioritize risks and get ahead of vulnerabilities as quickly as possible. In this webinar, join our panelists of cybersecurity experts as they discuss.

This past week, Patrick Garrity, Security Researcher at Nucleus, spent a lot of time exploring Cybersecurity and Infrastructure Security Agency's update the Known Exploited Vulnerabilities catalog, which now includes attribution to vulnerabilities associated with ransomware campaigns. In this short video, he explores this new addition and walks through the data visualizations he created to provide broader visibility into this new addition.

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS’s goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data.