Sign up to save your podcasts
Or
Share Vulnerability Management is Dead! - Rickard Carlsson - ESW #257
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Vulnerability Management is Dead! - Rickard Carlsson - ESW #257
Modern tech stacks are becoming increasingly complex puzzles of components built in-house and sourced from third-party vendors. With DNS at the center of the infrastructure, and staging and production being sometimes just minutes apart, scanning for CVEs is not enough to stay on top of web threats. There are lots of critical things traditional app scanners won't catch, like dangling DNS records, subdomain takeover and open S3 buckets. To keep their growing attack surface secure, companies need to combine crowdsourced vulnerability detection with solutions that detect outliers and anomalies in their software - before these become an attack vector. In this episode we'll discuss:
- Why hunting for vulnerabilities is no longer enough to stay on top of threats
- Vulnerability Management vs Attack Surface Management
- How security teams can adapt their vulnerability management process to modern dev cycles.
Segment Resources:
More insights on how to secure your external attack surface: https://detectify.com/resources
Free trial of Detectify's attack surface management solutions: https://detectify.com/product/surface-monitoring
https://detectify.com/product/application-scanning
This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw257
View all episodes
By Security Weekly Productions
4.7
3535 ratings
Modern tech stacks are becoming increasingly complex puzzles of components built in-house and sourced from third-party vendors. With DNS at the center of the infrastructure, and staging and production being sometimes just minutes apart, scanning for CVEs is not enough to stay on top of web threats. There are lots of critical things traditional app scanners won't catch, like dangling DNS records, subdomain takeover and open S3 buckets. To keep their growing attack surface secure, companies need to combine crowdsourced vulnerability detection with solutions that detect outliers and anomalies in their software - before these become an attack vector. In this episode we'll discuss:
- Why hunting for vulnerabilities is no longer enough to stay on top of threats
- Vulnerability Management vs Attack Surface Management
- How security teams can adapt their vulnerability management process to modern dev cycles.
Segment Resources:
More insights on how to secure your external attack surface: https://detectify.com/resources
Free trial of Detectify's attack surface management solutions: https://detectify.com/product/surface-monitoring
https://detectify.com/product/application-scanning
This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw257
More shows like Security Weekly Podcast Network (Video)
View all
Security Now (Audio)
2,009 Listeners
RunAs Radio
83 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
Network Break
101 Listeners
CyberWire Daily
1,020 Listeners
Security Weekly News (Audio)
33 Listeners
The Matt Walsh Show
28,414 Listeners
CISO Series Podcast
189 Listeners
Cyber Security Headlines
139 Listeners
Morning Wire
26,616 Listeners