- Видео 75
- Просмотров 43 751
Nucleus Security
США
Добавлен 30 авг 2021
Nucleus is a vulnerability and risk management solution that automates VM processes and workflows, enabling organizations to mitigate vulnerabilities 10 times faster, using a fraction of the resources that it takes to perform these tasks today. Supporting nearly 100 integrations, Nucleus unifies the existing tools in a security stack, creating a centralized hub to control the chaos of vulnerability analysis, triage, and remediation. Nucleus is on a mission to solve the real problems organizations are facing in discovery and remediation of vulnerabilities - before they become exploits.
Nucleus Security’s Year-End Panel on Risk-Based Vulnerability Management
In this Nucleus webinar, our panel of cybersecurity experts delves into the complexities and best practices for Risk-Based Vulnerability Management (RBVM) in modern organizations. Led by co-founder Scott Kuffer, the discussion covers the evolution of RBVM, the importance of a unified data approach, the role of automated tools, and effective metrics for vulnerability management. Insights from Cecil Pineda, Gregg Martin, and Steve Carter provide a comprehensive look at strategies for mitigating risks and improving security posture through enhanced vulnerability management processes into 2025.
Chapters
02:01 Panel Introductions
03:49 Current State and Future Predictions
05:59 Challenges in Vulne...
Chapters
02:01 Panel Introductions
03:49 Current State and Future Predictions
05:59 Challenges in Vulne...
Просмотров: 48
Видео
SecurityScorecard Connector Demo
Просмотров 233Месяц назад
In this demo of Nucleus Security's integration with SecurityScorecard, learn how users can set up, manage, and leverage this connection for enriched vulnerability and asset data. The demo highlights key features such as asset grouping, the inheritance of tags, and metadata integration from SecurityScorecard, which users can utilize for detailed reporting and automation. In the Vulnerabilities s...
Orange Cyberdefense Customer Story
Просмотров 96Месяц назад
Dominic White, Global Ethical Hacking Director at Orange Cyberdefense, shares how the Nucleus platform has transformed the company's vulnerability management approach. Dominic discusses how Nucleus' flexibility and customer-focused support stood out, enabling Orange Cyberdefense to shift from a custom-built platform to a powerful, streamlined solution that drives real results. Dominic highlight...
Why Risk-Based Vulnerability Management (RBVM) Increases Your Security Debt, and How You Can Fix It
Просмотров 284Месяц назад
In this Nucleus webinar, we take a deep dive into the practical challenges and strategies for managing security debt in the context of Risk-Based Vulnerability Management (RBVM). Scott Kuffer, co-founder of Nucleus Security and veteran in vulnerability management, explains how RBVM has shifted from a holistic risk reduction approach to a prioritization-heavy process that often falls short. He d...
Accelerating Threat Assessment and Risk Mitigation with Nucleus Vulnerability Intelligence Platform
Просмотров 1683 месяца назад
In this webinar, discover how the Nucleus Vulnerability Intelligence Platform (VIP) is changing the way organizations handle vulnerabilities. Learn how VIP empowers security teams to assess, prioritize, and mitigate vulnerabilities in real time by leveraging automated workflows, comprehensive data aggregation, and custom risk ratings. Key topics covered: - How VIP automates threat prioritizatio...
Measuring Risk with One Yardstick: Lessons Learned on the Road to RBVM
Просмотров 1353 месяца назад
How should we measure risk? Zebra Technologies has more than a dozen cybersecurity tools, thirty-five teams, and hundreds of people worldwide managing vulnerabilities. They wanted to measure with one yardstick; use a single, risk-based solution that could be customized to meet business criteria. Scott Kuffer, COO of Nucleus Security, and Dr. Jasyn Voshell, Director of Products and Solutions Sec...
Predictive Vulnerability Management: Operationalizing EPSS with Business Context
Просмотров 2303 месяца назад
Join us for an in-depth webinar on the Exploit Prediction Scoring System (EPSS), a powerful tool for predicting the exploitability of vulnerabilities. This discussion features experts Jay Jacobs from Cyentia and Stephen Schafferr from Peloton Interactive. They explore the intricacies of EPSS, its application, and the benefits of using EPSS over traditional methods like CVSS for better vulnerabi...
Triaging Non-CVE Vulnerabilities with Nucleus
Просмотров 1754 месяца назад
Join Scott Kuffer, Co-Founder of Nucleus Security, in this webinar, focused on effective vulnerability management. Dive deep into the complexities of managing non-CVE based vulnerabilities. Learn about centralized vs. distributed remediation strategies and gain practical tips on triaging, prioritizing, and responding to vulnerabilities. This webinar emphasizes the importance of a unified approa...
Building a Human-Centric Vulnerability Management Program
Просмотров 2166 месяцев назад
Steve Carter, CEO and co-founder of Nucleus Security, and Dr. Nikki Robinson, Security Architect at IBM, discuss the importance of the people side of vulnerability management. They explore challenges such as context switching, long mean time to remediation, and the impact of communication on vulnerability management programs. The conversation includes practical advice on incorporating human fac...
5 Things Holding Back Your Vulnerability Management Program and How to Overcome Them Step by Step
Просмотров 1546 месяцев назад
Welcome to our latest vulnerability management webinar, hosted by Scott Kuffer and Gene Bandy. In this session, Scott and Gene dive deep into the complexities and challenges faced by organizations in managing vulnerabilities and what you can do about it. Key Topics Covered: - The role of automation in improving vulnerability management processes. - The complexities of using multiple ticketing s...
Vulnerability Management Benchmarking: Metrics and Practices of Highly Effective Organizations
Просмотров 4968 месяцев назад
This webinar dives deep into vulnerability management metrics, the challenges of maintaining cloud and ephemeral assets, and the discrepancies in vulnerability management across different organizations. Join us as we unravel the nuances of MTTR (Mean Time to Remediate), SLA (Service Level Agreements), and how high-performing organizations manage cybersecurity threats more efficiently. Don't mis...
What Does a Solid VM Ticketing Workflow Actually Look Like?
Просмотров 3788 месяцев назад
In this webinar, Scott Kuffer discusses the challenges and best practices of vulnerability management workflows and ticketing. He emphasizes the discrepancy between vulnerability management teams' priorities and the priorities of the business as a whole. Scott explores different ticketing workflows, starting with basic vulnerability-based tickets and progressing to more advanced options such as...
Visualizing Vulnerability Management: What Does a Single Pane of Glass Really Look Like?
Просмотров 2819 месяцев назад
Single Pane of Glass (SPOG) is a common buzzword that sends shivers down the spines of technical folks everywhere. Yet, executive teams ask for it, especially in vulnerability management. At the same time, the complex and fragmented nature of modern IT environments wreaks havoc on organizations aiming to understand their current location related to remediating and patching risks. So, what exact...
Applying Vulnerability Intelligence to CVSS and SSVC Frameworks
Просмотров 49210 месяцев назад
In this presentation, we explore the intersection of vulnerability intelligence and prioritization frameworks such as CVSS and SSVC as a means for strategically and rapidly prioritizing vulnerabilities to stay ahead of exploitation risks. We delve into the process of applying real-time threat intelligence tailored to the vulnerability landscape to enhance decision-making, optimize resource allo...
How to Automate and Streamline Vulnerability Management Processes
Просмотров 61610 месяцев назад
Scott Kuffer, COO and co-founder of Nucleus Security, and Sonia Blanks, Director of Product Marketing of Nucleus Security, discuss the role of automation in vulnerability management. They emphasize the importance of looking beyond individual parts of the process and instead focusing on automating the entire ecosystem. Scott shares insights on how to streamline the vulnerability management proce...
How to Operationalize Vulnerability Threat Intelligence
Просмотров 1,2 тыс.Год назад
How to Operationalize Vulnerability Threat Intelligence
What is Exploit Prediction Scoring System (EPSS)?
Просмотров 2,3 тыс.Год назад
What is Exploit Prediction Scoring System (EPSS)?
Applied Lessons from Product Security Teams in Vulnerability Management | Nucleus Security
Просмотров 373Год назад
Applied Lessons from Product Security Teams in Vulnerability Management | Nucleus Security
The Rise In Vulnerability Disclosure, Exploitation and Threat Intelligence
Просмотров 178Год назад
The Rise In Vulnerability Disclosure, Exploitation and Threat Intelligence
How CISO's Should Approach Security Vulnerability Risk
Просмотров 165Год назад
How CISO's Should Approach Security Vulnerability Risk
Navigating the Challenges of Enterprise Vulnerability Management
Просмотров 941Год назад
Navigating the Challenges of Enterprise Vulnerability Management
CISA KEV's Known Ransomware Attribution
Просмотров 130Год назад
CISA KEV's Known Ransomware Attribution
A Deep Dive into the Exploit Prediction Scoring System EPSS
Просмотров 1,1 тыс.Год назад
A Deep Dive into the Exploit Prediction Scoring System EPSS
Using Decision Trees for Vulnerability Prioritization With SSVC
Просмотров 1 тыс.Год назад
Using Decision Trees for Vulnerability Prioritization With SSVC
Visualizing Vulnerability Data with Patrick Garrity on Nucleus Shortcuts
Просмотров 298Год назад
Visualizing Vulnerability Data with Patrick Garrity on Nucleus Shortcuts
Preparing for Cybersecurity Resilience and Incident Response
Просмотров 248Год назад
Preparing for Cybersecurity Resilience and Incident Response
How To Normalize Finding Severities Across Multiple Scanning Tools
Просмотров 106Год назад
How To Normalize Finding Severities Across Multiple Scanning Tools
Stakeholder Specific Vulnerability Categorization (SSVC) and decision trees
Просмотров 568Год назад
Stakeholder Specific Vulnerability Categorization (SSVC) and decision trees
July 14, 2023: A Week in Vulnerability Management with Patrick Garrity
Просмотров 71Год назад
July 14, 2023: A Week in Vulnerability Management with Patrick Garrity
can't attacker , with aid of ai, go focus on the rest of 96% of critical and exploitable vulnerabilities knowing that SSVS and EPSS are in use?
Theoretically, attackers could leverage AI to identify and exploit vulnerabilities not flagged as critical or urgent by frameworks like SSVC and CVSS. However, AI’s role in offensive security is still relatively limited, and attackers don’t necessarily need AI to exploit vulnerabilities quickly. What matters most is reducing the exposure of critical areas in your environment and implementing strong compensating controls. Both attackers and defenders are advancing in AI use, but defensive tools are also evolving to help anticipate and counter new tactics. Instead of focusing solely on vulnerabilities ranked by traditional frameworks, it's essential to prioritize and secure the high-risk assets within your environment, leveraging both AI and strategic defenses.
Great video on operationalizing vulnerability threat intelligence! I'm curious, what are the key challenges you typically face when integrating threat intelligence into existing security workflows?
Thanks for the comment and question @JossOrtan. For security practitioners integrating threat intelligence into existing security workflows, we often see several common challenges. This isn't a comprehensive list, but hopefully helps provide context and builds on the content of the video. For starters, organizational adoption of threat intelligence can affect trust in existing workflows. As workflows are changed and findings are adjusted based on what the new data tells us, it can create a period of transition and evaluation. There's also a data overload concern. Too much intelligence without proper prioritization can cause confusion and affect how the organization handles remediating existing findings. Trust issues also exist when approaching the sources of threat intelligence. Can you rely on them to make extremely important security risk decisions? As these decisions can happen multiple times a day, vetting security threat intelligence data is vitally important. Finally, we have to consider the ability to automate on key moments in the analysis pipeline that properly utilizes the threat intelligence data you are consuming. Is the integration of the threat intelligence data adding on hours and hours over time of required manual analysis to security events? Or is there a pathway to consuming the information and allowing the applied automation to make those decisions in seconds? These are some considerations that arise when integrating threat intelligence. Of course, there are other, more organization-specific challenges. If you have any other questions, contact us - we're happy to chat!
Is it possible to extract data from Nucleus through API calling
Would be good if you could run through an example to explain how these apply
This is a vital part of vulnerability management
Duuude I skate and hack too! This is sick. Boards are part of the office?
The video has helped me to better understand the subject and has given me some new ideas for how to approach it in my own work. I will definitely be sharing this video with my colleagues.
Great presentation. Are you hiring? :)
Just talking nonstop without any visuals does not make any sense when you have the word "roadmap" in your title.
Thank you
"We don't use any AI or ML in our tagging process" - thats how you know this guy knows wtf hes doing, lol. Hes not trying to shove AI in your face just to market. This is a great, no BS, no marketing hype intro.
Very informative with great ideas
I just hate AirPods sound quality, it’s terrible
thanks for perfect knowlage sharing
Thank you for this video, wish this published for wide.
How can I get a training from your company
Can you please share the link to the slides?
The emphasis on building proper relationships across teams and getting to know the functions, goals and business objectives of each team is so true. As a new Analyst myself, I’ve realized how having such knowledge helps with the various relationships.
Cybersec Dyrdek is the hizzy...
Link to the article?
Great insight into how threat intelligence and business context helps security teams manage vulnerabilities.
Thanks, Yogi! So glad you enjoyed it.
Great insight and analysis👍
Thanks so much!
Great talk
Thanks, Erik!
16:57 actual dig into the the CVSS EPSS KEV topic. Mostly KEV. 32:51 EPSS. 46:32 Threat / Risk. "Defenders think in lists, attackers thing in graph". 50:40 Asset intelligence.
And what about SSVC? Maybe next time?
Nice overview
Thanks! Glad you enjoyed it!
Thanks for this video. What tool are you using?
The tool in the video is Nucleus Security
Do you have a similar demo where GitHub is the ticketing system?
Thank you very much for this video. It has greatly helped me in my research work.