| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Today’s Enterprise organizations are being misled with regard to their security risk exposure, and are in serious danger of becoming victims of security breach events. The automated vulnerability management (VM) solutions and products that are central to every Enterprise information security program, and which are essential in gauging network security information risk, contain a serious “hidden” flaw which is now beginning to come to light. This software flaw is interleaved within pattern matching-like algorithms located deep within the foundational core of the most prevalent and widely used automated VM system products and solutions on the market today.
As a direct consequence of this flaw, even though these products report a certain level of network security risk, the metric upon which their calculations are based is skewed, resulting in an unintentional gap between the products’ intended information risk measurement and the erroneous measurement actually reported.
This session covers the technical details of the referred to hidden flaw, its consequences and what you can do to limit your exposure. Gordon MacKay, CISSP, serves as Executive Vice President and Chief Technology Officer (CTO) for Digital Defense, Inc. He applies mathematical modeling and engineering principles in investigating solutions to many of the challenges within the information security space. His solution to matching network discovered hosts within independent vulnerability assessments across time resulted in achieving patent-pending status for the company’s scanning technology.
MacKay has presented at numerous security related conferences, including RSA, and has been featured by top media outlets such as FOX Business, Softpedia, IT World Canada and others.
He holds a Bachelor's in Electrical Engineering, Computer Engineering from McGill University. He serves as a Distinguished Fellow for the Ponemon Institute.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast