Category Archives: Vulnerability Management

Exploring the Differences between Vulnerability Scanning and Penetration Testing

Posted on July 29, 2016 by kellyk

Jerry Beasley, Security Services Manager

A common misconception held by many is that an automated vulnerability scan is equivalent to a penetration test. While both are useful tools and essential parts of an organization’s risk management program, they are not interchangeable and there are clear distinctions between the two.

Vulnerability scans work by rapidly interrogating network ports and services in order to determine types and versions of those services and any obvious configuration


Posted in Cybersecurity, IT Compliance and Regulatory Change Management, Vulnerability Management

Penetration Testing 101: An Interview with an Information Security Analyst

Posted on June 16, 2016 by lexi

cprlorca Information Security Analyst Tommy Yowell frequently performs penetration testing for organizations of all sizes across all industries. In a recent interview, he answered seven questions organizations typically have about penetration testing and how it can help prevent data breaches.


1. What is penetration testing?

A penetration test evaluates the security of information technology systems in an organization’s network. The main goal of a penetration test is to discover and


Posted in Cybersecurity, Information Security, Vulnerability Management

Conquer Vulnerability Management with TraceCSO

Posted on April 20, 2016 by lexi

If you’ve been following the series so far, you have a pretty good idea of what high quality vulnerability management looks like by now.

You understand the need for vulnerability management and which roles you’ll need to fill. You know how to scan for vulnerabilities and why it’s vital to categorize them by business risk.

Most importantly, you know that trying to undertake all this manually would be functionally impossible.

In order to construct and maintain a consistent, effective


Posted in Vulnerability Management

An Expert’s Take on Vulnerability Management

Posted on April 13, 2016 by lexi

As a continuation of our series on vulnerability management, I had a chance to sit down with Bennett Gogarty, one of our information security analysts at cprlorca.

Bennett is a vulnerability management expert and has worked with a wide variety of our clients during his time here. During the course of our discussion we covered the much-publicized knowledge gap, common errors, and vulnerability management suggestions for low-budget organizations.

Let’s get right into it.




Posted in Vulnerability Management

Don’t Overlook These Common Low-Risk Vulnerabilities in Your Vulnerability Management Process

Posted on April 7, 2016 by lexi

Bethany Ward, Information Security Analyst

Security assessments, such as penetration tests and vulnerability scans, often result in the identification of various types of vulnerabilities. While most organizations tend to remediate the medium- and high-risk vulnerabilities rather quickly, low-risk vulnerabilities are often pushed down on the priority list or designated as acceptable and forgotten about altogether. What many organizations may not realize is that low-risk vulnerabilities can lead


Posted in Vulnerability Management

Defend against The Dridex Locky Ransomware with Security Awareness Training

Posted on March 24, 2016 by lexi

One thing that is driving mainstream recognition of ransomware is the move by the Dridex banking Trojan gang into ransomware with their Locky strain. They have taken over from CryptoWall, which from their perspective is just an upstart. Locky was linked to the notorious Dridex gang by both Palo Alto Networks and Proofpoint. The Russian Dridex criminal group is the most prominent group operating banking malware.

The Dridex Locky ransomware strain isn't more sophisticated than other latest generation


Posted in Cybersecurity, Vulnerability Management

How to Protect Your Organization Against the DROWN Vulnerability

Posted on March 16, 2016 by lexi

Cyni Winegard, Information Security Analyst 

Hackers are continuously discovering new vulnerabilities and exploits on established services. Lately, there have been numerous vulnerabilities discovered associated with Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, which were designed to provide secure communications over a computer network. Recent examples include POODLE, BEAST, and most recently the DROWN vulnerability.


What is DROWN?

Decrypting RSA with Obsolete


Posted in Vulnerability Management

5 Common Vulnerability Management Mistakes… and How To Avoid Them

Posted on March 2, 2016 by lexi

So you’ve finally done it.

You’ve been thinking about it for a while, and now you’ve taken the plunge.

Your organization finally has a vulnerability management process.

Feels good, doesn’t it?

No more nagging doubts about possible vulnerabilities: You’ve seen the scan results, and your remediation plan is in full swing.

But before you pat yourself on the back, you’d do well to consider some of the big mistakes organizations make when they first approach vulnerability management.

It’ll be


Posted in Vulnerability Management

The 10 Step Checklist for Pain-Free Vulnerability Management

Posted on February 24, 2016 by lexi

So you know what vulnerability management is all about.

You’ve had the introduction and seen the research. You know what (and who) should be involved.

Now you’re ready to get started.

Well lucky for you, we’ve put together this ten-point checklist detailing exactly what you need to tick off if you want to get (and stay) ahead of your vulnerabilities.



1) Know Your Assets

I’ve said it before, and I’ll say it again.

Before you can do anything else, you have to know what you’re dealing


Posted in Vulnerability Management

How To Start Your Vulnerability Management Off With a Bang: Roles and Responsibilities

Posted on February 11, 2016 by lexi

Now that we’ve covered the basic process of vulnerability management, it’s time to consider the human element.

After all, no matter how good your processes are, they’ll still fail if you don’t have the right people involved.

Even more than most business processes, vulnerability management lives and dies on the quality of working relationships between certain key players…

So let’s find out who they are.



Meet The Cast

In order to pull off your world-class vulnerability management


Posted in Vulnerability Management
