NopSec

MAY 17, 2019

NopSec’s founders, Michelangelo Sidagni and Lisa Xu built the company with one main goal in mind: better prioritization. Why isn’t CVSS alone effective at prioritizing vulnerabilities? CVEs with critical NopSec risk score are 4 ⨉ more likely to have threats associated with them than CVEs with critical CVSS.

Risk 52

Risk Malware Accountability Firewall 52

NopSec

OCTOBER 14, 2022

The post “Future of Vulnerability Management” Podcast Episode 9: Why it’s Important for Security Practitioners to Understand Business Logic to Prioritize Vulnerabilities appeared first on NopSec.

Technology 52

Technology Risk Engineering Accountability 52

NopSec

SEPTEMBER 23, 2022

The post “Future of Vulnerability Management” Podcast Episode 6: The Role Vulnerability Management Plays in Proper Cyber Hygiene appeared first on NopSec.

Antivirus 52

Antivirus CISO Architecture IoT 52

NopSec

FEBRUARY 14, 2022

In the meantime, we encourage you to contact us if you have any questions about how NopSec has been helping organizations gain a technological edge with our suite of security tools. Next: Creating a Vulnerability Management Program – What is Vulnerability Management and the VM Lifecycle Stages?

Penetration Testing 52

Penetration Testing Phishing Technology Firewall 52

NopSec

SEPTEMBER 4, 2019

NopSec understands that it might be difficult to perform this for various reasons (e.g., That is why NopSec offers asset value recommendations. Why Asset Prioritization? That is why asset prioritization is so impactful when it comes to vulnerability management. The post Asset Value appeared first on NopSec.

InfoSec 40

InfoSec Risk 40

NopSec

JUNE 28, 2022

That’s why the combination of vulnerability awareness and threat intelligence is so essential in reducing risk. And beyond such methods, more fully integrated and automated threat intelligence information can be gained through tools such as the risk-based vulnerability management (RBVM) applications that NopSec offers.

Telecommunications 52

Telecommunications Authentication Small Business Passwords 52

NopSec

OCTOBER 18, 2022

At Nopsec, we utilize our own proprietary risk scoring methodology, comparable to EPSS, while also accounting for environmental impacts. Additionally, given data on mitigating controls, Nopsec modifies risk scores to account for systems with detect and prevent threats.

Risk 52

Risk Accountability Software Cybersecurity 52

NopSec

MAY 22, 2019

CVE-2019-0708 – BlueKeep – Wormable RDP Vulnerability NopSec advises you to apply patches immediately. That is why Microsoft released patches even for out-of-the support versions Windows 2003 & XP. Fixes Due to the severity of CVE-2019-0708, we suggest you to apply patches immediately from Microsoft Security Guide.

Firewall 40

Firewall Passwords Authentication Risk 40

NopSec

AUGUST 10, 2022

The post Introducing: the “Future of Vulnerability Management” Podcast appeared first on NopSec.

Technology 52

Technology Information Security Risk 52

NopSec

SEPTEMBER 9, 2022

The post “Future of Vulnerability Management” Podcast Episode 4: How a 105 year old Ad Agency Tackles Vulnerability Management With Clients appeared first on NopSec.

Advertising 52

Advertising Technology Media Marketing 52

NopSec

SEPTEMBER 15, 2022

The post “Future of Vulnerability Management” Podcast Episode 5: How to Bridge the Gap Between Risk Management and Core Business Outcomes appeared first on NopSec.

Risk 52

Risk CISO Technology Information Security 52

NopSec

FEBRUARY 13, 2024

Brad LaPort , a veteran Gartner analyst and I were on a content project, talking about why the market was missing out on a new category to encapsulate the disparate exposure data and derive actionable insights. Why Now In the last 20 years, there have been tons of innovations in the “Active” and “Reactive” Security spaces.

Marketing 52

Marketing Risk Digital transformation Software 52

NopSec

SEPTEMBER 6, 2022

The State of Vulnerability Management report, recently released by NopSec, shows that while organizations are making strides in vulnerability management, there is still much work to be done. At NopSec, we advocate for this approach to vulnerability management as we lead our customers into the future.

Risk 52

Risk Architecture Data breaches Cybersecurity 52

NopSec

MARCH 22, 2022

At NopSec, we think of the pathway to optimal vulnerability management as consisting of these phases: Prepare — You need to line up resources in the form of a budget, team members, tools and processes for what you’re about to undertake. appeared first on NopSec. The final destinations are largely identical.

Cybersecurity 40

Cybersecurity Technology 40

NopSec

MARCH 6, 2013

Tracy had questions about what we do at NopSec and then we dove into a conversation about why normalizing and aggregating data ensures security gaps are filled. The audio interview is just over 3 minutes long and definitely worth a listen. Overcoming Too Much Data.

Risk 40

Risk Information Security 40

NopSec

NOVEMBER 8, 2022

Why it matters: The number of security tools available for teams to choose from can seem overwhelming. Question 2: “ What insight does the RBVM platform provide into why a particular vulnerability was prioritized and scored the way it was?” The post Five Questions to Ask Before Choosing an RBVM Platform appeared first on NopSec.

Risk 52

Risk CISO 52

NopSec

APRIL 24, 2013

Lisa Xu, CEO of NopSec, was interviewed recently by BankInfoSecurity.com about her career in information security – a male-dominated field – and asked about what advice she can offer for women to grow in their careers. Lisa also spent some time talking about why cultural differences can be advantageous in the job market.

Marketing 40

Marketing Information Security 40

NopSec

DECEMBER 30, 2022

At Nopsec, we provide our clients with an Overall Score for this purpose (see image for example below). Here is how we display this at NopSec: Notice again, we put emphasis on keeping these metrics simple and digestible. At this point, one needs to dig a little deeper into the data to understand the why and provide courses of action.

CISO 52

CISO Risk Software Education 52

NopSec

JULY 12, 2022

NopSec’s Unified further helps organizations further centralize their asset discovery by ingesting their CMDB and can utilize existing asset groups. This first foray into your organizational vulnerabilities is needed to get a broader view of where you need to put your efforts in terms of visibility, risks, and prioritization.

Risk 40

Risk Cybersecurity Manufacturing Technology 40

NopSec

MAY 8, 2019

This is why we will shift to Atlassian Confluence Server, the second most mentioned vulnerability.-NVD Click Here The post Trending CVEs for the Week of May 6th, 2019 appeared first on NopSec. Even though, CVE-2019-2725 is still the most talked about this week, despite no major new developments surrounding them.

Risk 40

Risk Authentication 40

NopSec

FEBRUARY 6, 2019

Why pushback? This is where NopSec can help. Next in the series, part five, will cover methods for validating fixes and why this is necessary. The post Time is Money Part 4: Fix Security Vulnerabilities appeared first on NopSec. Patching and updating existing code is risky and disruptive. To Fix or Not?

Internet 52

Internet Internet Ransomware 52

NopSec

AUGUST 7, 2013

Lisa Xu, Chief Executive Officer at NopSec, knows that an outside perspective is critical to building the company. Lisa recently met with Geri Stengel at Forbes to discuss how NopSec is building a board of advisors and what advice could be passed along to other readers. “ Why have an advisory board?

Financial Services 40

Financial Services Marketing Accountability Technology 40

NopSec

JUNE 14, 2017

Here at NopSec, programs are underway for our clients to ensure that they’re on-track to meet compliance and we’ve also been producing a series of NYDFS Cybersecurity Regulations webinars to help IT Teams and their organizations learn more. The “why” in this case is simple enough. What do they require? When do they want it done by?

Cybersecurity 40

Cybersecurity Penetration Testing CISO Risk 40

NopSec

OCTOBER 25, 2013

So why do so many companies rely on an annual penetration test as the only safeguard against a cyber-attack? ” When NopSec performs a penetration test, the customer receives documented proof of specific systems that have been compromised. When does penetration testing apply? And certainly not once per year.

Penetration Testing 40

Penetration Testing Risk Cyber Attacks Technology 40

NopSec

AUGUST 23, 2022

It’s not hard to understand why if you take a high-level view of the matter. Nopsec Tools for Managing Vulnerabilities and Threats NopSec has created a set of tools designed for risk-based vulnerability management (RBVM) – that is, the risk that is derived by looking at the combination of vulnerabilities and threats.

Risk 40

Risk Cybersecurity Penetration Testing Media 40

NopSec

SEPTEMBER 28, 2018

Why the hacker’s way, of course! There’s a playbook to follow for an effective to way to defend your data and manager your vulnerability risks — the NopSec way! Schedule a demo The post Threat Exposure Management: The Hacker’s Approach to Vulnerability Risk Management appeared first on NopSec.

Risk 52

Risk Engineering Cyber Risk Phishing 52

NopSec

FEBRUARY 25, 2015

Otherwise, most of the organization that use NopSec solution Unified VRM would be doomed and destined to compromise since at the beginning they have hundreds of thousands of unique and critical security vulnerabilities. To put into perspective, NopSec has customers with hundreds of thousands of critical vulnerabilities detected.

Risk 52

Risk Media Malware Engineering 52

NopSec

APRIL 6, 2022

With just 3% of companies being led by women, do we really wonder why we have a gender diversity problem in cybersecurity? appeared first on NopSec. Our goal was simple: to see how many are led by women. Of the 654 startups analyzed, only 22 — or 3.3% were led by female CEOs. What’s actually being done to address this problem?

Cybersecurity 52

Cybersecurity Media 52

NopSec

APRIL 5, 2022

That’s why we suggest you start with the two other parts of the people-process-technology structure before making an investment in cybersecurity tools. But too much of a focus on technology itself can result in buying things that aren’t appropriate for our situations because we didn’t fully know what we needed to begin with.

Technology 40

Technology Cybersecurity Education Risk 40

NopSec

SEPTEMBER 6, 2013

Why is vulnerability management important for AWS instances? Unified VRM is hosted on Amazon Web Services for first-hand experience NopSec has first-hand knowledge of vulnerability management for Amazon Web Services. The post Vulnerability Management for Amazon Web Services (AWS) appeared first on NopSec.

Penetration Testing 40

Penetration Testing Accountability Software Risk 40

NopSec

JUNE 28, 2017

Some offer a $5,000 flat-rate, and some don’t even publish their prices online (NopSec falls in this camp, and you’ll soon know why). Why the vast difference? Here at NopSec, these are some of the first questions we ask our prospective clients. And really, where do you start?

Penetration Testing 40

Penetration Testing Accountability Technology Risk 40

NopSec

OCTOBER 23, 2012

No wonder why the bad guys keep getting in exploiting low hanging fruit vulnerabilities! I asked why they do not change their VM process and they do not devise a complete vulnerability management process. Learn about NopSec’s unique approach to vulnerability risk management. appeared first on NopSec.

Penetration Testing 40

Penetration Testing InfoSec Risk 40

NopSec

AUGUST 30, 2022

Beyond Unified VRM, NopSec also offers modules specific to the remediation process: Collaborator: This tool automatically creates remediation tickets with assigned SLAs and team ownership in your ITSM platform for seamless hand-offs from security to IT operations.

Risk 40

Risk Technology Penetration Testing Cybersecurity 40

NopSec

FEBRUARY 7, 2013

One of our customers in the banking industry recently told me why they love our product. Learn more about NopSec’s approach to penetration testing and the methodology we use to secure applications and infrastructure from security breaches. The post Reduce your odds of needing incident response appeared first on NopSec.

Penetration Testing 40

Penetration Testing Education Banking Cyber Attacks 40

NopSec

APRIL 2, 2019

That is why we focused first on creating a flexible table of vulnerabilities that can reduce your workload from days to minutes. Reducing noise without losing data Here at NopSec our goal is to bring all your data together and show it to you in one pane of glass. People aren’t going to use it if it doesn’t work.

InfoSec 40

InfoSec Risk Technology Engineering 40

NopSec

JANUARY 4, 2016

So why are so many security operation teams failing to adopt automation when it comes to vulnerability management?… The post Vulnerability Management Myths appeared first on NopSec. There are tons of technologies out there that are trying to “AUTOMATE” every aspect of human life. So think to yourself…. Come along for the ride!

Technology 40

Technology Risk 40

NopSec

MARCH 29, 2016

From left to right: Andrew Malcolm, Charles Tendell, Steve Magny, and Michelangelo Sidagni) The topic of the panel was particularly interesting to us here at NopSec because we always try to help our customers sell security internally for value and “return on investment.” Why exactly are we trying to protect it?

Penetration Testing 52

Penetration Testing eCommerce Risk Cybersecurity 52