BeyondTrust, the cyber security company dedicated to preventing privilege misuse, vulnerability management, and stopping unauthorised access, announced the availability of a new book, Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organisations. The book, authored by BeyondTrust’s Chief Technology Officer, Morey J. Haber, and Chief Operating Officer, Brad Hibbert, and published by Apress, is focused on how to build an effective vulnerability management strategy to protect an organisation’s assets, applications, and data.
As published in BeyondTrust’s recent survey, next-generation, transformative technologies such as AI/Machine Learning and IoT, and business processes like DevOps are improving operational efficiencies and cost savings, however, 78 percent of users cite security concerns and acknowledge the vulnerabilities these technologies introduce to their networks. In fact, one in five respondents experienced five or more breaches related to next-generation technologies.
In the modern enterprise, everything connected to the network, cloud, and mobile device is a target as the perimeter expands beyond the traditional data centre
Understanding and mitigating vulnerabilities
This book details how today’s network environments are dynamic, requiring multiple defences to mitigate vulnerabilities and exploits and stop data breaches. In the modern enterprise, everything connected to the network, cloud, and mobile device is a target as the perimeter expands beyond the traditional data centre.
“Today’s attack surfaces are rapidly expanding to include, not only traditional servers and desktops, but also routers, printers, cameras, and other IoT devices,” said Morey J. Haber, Chief Technology Officer at BeyondTrust. “It doesn’t matter whether an organisation uses LAN, WAN, cloud, wireless, or even a modern PAN ― savvy criminals have more potential entry points than ever before. To stay ahead of these threats, IT and security leaders must be aware of exposures and understand their potential impact.”
SLAs for vulnerability and patch management
The book is structured to provide guidance to help organisations build a vulnerability management program fit to meet the challenges of the modern threat environment. Drawing on years of combined experience, the authors detail the latest techniques for threat analysis, risk measurement, and regulatory reporting. Also outlined are practical service level agreements (SLAs) for vulnerability management and patch management.
The book contains guidance for readers to:
- Create comprehensive assessment and risk identification policies and procedures
- Implement a complete vulnerability management workflow in nine easy steps
- Understand the implications of active, dormant, and carrier vulnerability states
- Develop, deploy, and maintain custom and commercial vulnerability management programs
- Discover the best strategies for vulnerability remediation, mitigation, and removal
- Automate credentialed scans that leverage least-privilege access principles
Our hope is the book helps readers get ahead of threats and protect their organisations with an effective asset protection strategy"Asset protection strategy
Readers will also gain insights from real-world case studies that share successful vulnerability management strategies and reveal potential pitfalls.
“Vulnerability management needs to be more than a compliance check box—it should be a foundation of an organisation’s cybersecurity strategy,” said Brad Hibbert, Chief Operating Officer at BeyondTrust. “Our hope is the book helps readers get ahead of threats and protect their organizations with an effective asset protection strategy.”
Late last year, authors Morey J. Haber and Brad Hibbert released another book, Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organisations. The book details the risks associated with poor privilege management, the techniques that hackers and insiders leverage, and the defensive measures that organisations must adopt to protect against a breach, prevent lateral movement, and improve the ability to detect hacker activity and insider threats in order to mitigate cyber risk.