Attackers don’t sleep and find new ways to get into a company and move laterally through the environment. This session starts with an overview where we come from and the pure reactive approach of detecting someone in our network and then moving into the proactive way of security. Using the same tools for asset discovery, risk assessment and automatic checks for compliance of the customers environment.
So the solution should not just stop the attack, but before check automatically how an attacker possibly could come in and have a full overview of the environment including automatic risk factors for assets and overview combined with integrations with other solutions.
Additionally the task of risk management is stated in the new NIS2 directive and should be clearly a topic for all companies that are affected.
Vulnerability Management is more then ever an important building block when it comes to early detection of issues to allow a proactive counter measure. This is only possible if various organizational areas work hand in hand starting from the information security strategy, over architecture, engineering, operations and the business side. This needs to be embedded in an according information security framework that defines the rules and requirements based on which the vulnerability management service is operated. However, this approach is only complete with an according target operating model that defines the various building blocks that contribute to a successful end-to-end service.