FireEye Stories

Busting the Myths of Vulnerability Management

I recently had the opportunity to speak with Jared Semrau, head of our vulnerability and exploitation intelligence team. Jared filled me in on how his team gathers information on new and existing exploitable bugs, how they combine that with what FireEye knows from engagements and device detections, and how they map that intelligence to known threat actors. There are a lot of myths going around about how vulnerability management should be handled, and this discussion helped cut through a lot of that.

During our chat, we also discussed why FireEye rates less than 0.01 percent of its vulnerabilities as critical, compared to 10 percent of vulnerabilities being rated critical by public sources. Jared did a great job of explaining how this focus on only the truly critical and exploitable vulnerabilities helps our clients better utilize their limited threat hunting resources, and keep operational systems online as much as possible without unnecessary out-of-cycle patching.

Listen to the podcast right now to learn more about vulnerability management, and subscribe to the FireEye Eye on Security podcast series: