Source: National Cyber Security News
When it comes to cybersecurity, your chief objective should be to manage things proactively and on your terms, as opposed to constantly playing catch-up and responding to vulnerabilities only after they’ve been exploited.
Unfortunately, too many organizations, including the U.S. federal government, still operate in a reactive mode because they generally lack two things: 1) accurate visibility into their own IT infrastructure and the potential cyber vulnerabilities lurking there; and 2) up-to-date, accurate information to help them prioritize and manage their vulnerabilities from a risk-management perspective.
After a decade of experience consulting with U.S. federal agencies, I’ve found it all too common for organizations to have little to no insight into the End-of-Support/End-of-Life (EOS/EOL) dates for their software and hardware assets. Many also don’t know the Common Vulnerability Scoring System (CVSS) values of their hardware and software assets.
This is understandable. Today, 31 million naming conventions exist for 2 million hardware and software products, including, for example, 16,000 ways that inventory tools refer to an SQL Server. This lack of uniformity in how specific products are named produces a confusing hodgepodge of data that undermines most efforts to obtain a comprehensive view of a network’s IT asset inventory and risk profile.