2 ай бұрын
2 ай бұрын
Жыл бұрын
Жыл бұрын
Пікірлер
@aiworkshoplab 4 күн бұрын
How about EPSS. What is your thoughts on that?
@nucleussec 3 күн бұрын
EPSS and CVSS both have integral parts to play in vulnerability management. In fact, we held a webinar talking about EPSS with EPSS SIG Co-chair, Stephen Shaffer, a few months ago. Check it out at nucleussec.com/resources/webinars/predictive-vulnerability-management-operationalizing-epss-with-business-context-recording/
@THOTHO-ie5lz 2 ай бұрын
can't attacker , with aid of ai, go focus on the rest of 96% of critical and exploitable vulnerabilities knowing that SSVS and EPSS are in use?
@nucleussec 2 ай бұрын
Theoretically, attackers could leverage AI to identify and exploit vulnerabilities not flagged as critical or urgent by frameworks like SSVC and CVSS. However, AI’s role in offensive security is still relatively limited, and attackers don’t necessarily need AI to exploit vulnerabilities quickly. What matters most is reducing the exposure of critical areas in your environment and implementing strong compensating controls. Both attackers and defenders are advancing in AI use, but defensive tools are also evolving to help anticipate and counter new tactics. Instead of focusing solely on vulnerabilities ranked by traditional frameworks, it's essential to prioritize and secure the high-risk assets within your environment, leveraging both AI and strategic defenses.
@JossOrtan 4 ай бұрын
Great video on operationalizing vulnerability threat intelligence! I'm curious, what are the key challenges you typically face when integrating threat intelligence into existing security workflows?
@nucleussec 4 ай бұрын
Thanks for the comment and question @JossOrtan. For security practitioners integrating threat intelligence into existing security workflows, we often see several common challenges. This isn't a comprehensive list, but hopefully helps provide context and builds on the content of the video. For starters, organizational adoption of threat intelligence can affect trust in existing workflows. As workflows are changed and findings are adjusted based on what the new data tells us, it can create a period of transition and evaluation. There's also a data overload concern. Too much intelligence without proper prioritization can cause confusion and affect how the organization handles remediating existing findings. Trust issues also exist when approaching the sources of threat intelligence. Can you rely on them to make extremely important security risk decisions? As these decisions can happen multiple times a day, vetting security threat intelligence data is vitally important. Finally, we have to consider the ability to automate on key moments in the analysis pipeline that properly utilizes the threat intelligence data you are consuming. Is the integration of the threat intelligence data adding on hours and hours over time of required manual analysis to security events? Or is there a pathway to consuming the information and allowing the applied automation to make those decisions in seconds? These are some considerations that arise when integrating threat intelligence. Of course, there are other, more organization-specific challenges. If you have any other questions, contact us - we're happy to chat!
@ybkreddy9129 6 ай бұрын
Is it possible to extract data from Nucleus through API calling
@Amisermanzerboiredanser 6 ай бұрын
Would be good if you could run through an example to explain how these apply
@gnlmaster 6 ай бұрын
This is a vital part of vulnerability management
@Justin-fq3zh 9 ай бұрын
Duuude I skate and hack too! This is sick. Boards are part of the office?
@zahivaron 9 ай бұрын
The video has helped me to better understand the subject and has given me some new ideas for how to approach it in my own work. I will definitely be sharing this video with my colleagues.
@dannya1130 11 ай бұрын
Great presentation. Are you hiring? :)
@hottroddinn 11 ай бұрын
Just talking nonstop without any visuals does not make any sense when you have the word "roadmap" in your title.
@MywesternfatherAsianfath-pj4wq 11 ай бұрын
Thank you
@BinaryAdventure 11 ай бұрын
"We don't use any AI or ML in our tagging process" - thats how you know this guy knows wtf hes doing, lol. Hes not trying to shove AI in your face just to market. This is a great, no BS, no marketing hype intro.
@RussellBWalker Жыл бұрын
Very informative with great ideas
@8starsAND Жыл бұрын
I just hate AirPods sound quality, it’s terrible
@MohsenJebelli145 Жыл бұрын
thanks for perfect knowlage sharing
@aymanhout Жыл бұрын
Thank you for this video, wish this published for wide.
@dwise1StreamingJoy Жыл бұрын
How can I get a training from your company
@Jerr-e1z Жыл бұрын
Can you please share the link to the slides?
@felixdadzie6868 Жыл бұрын
The emphasis on building proper relationships across teams and getting to know the functions, goals and business objectives of each team is so true. As a new Analyst myself, I’ve realized how having such knowledge helps with the various relationships.
@wheeliepimp11 Жыл бұрын
Cybersec Dyrdek is the hizzy...
@MuhammedLateef1 Жыл бұрын
Link to the article?
@ypetkar Жыл бұрын
Great insight into how threat intelligence and business context helps security teams manage vulnerabilities.
@nucleussec Жыл бұрын
Thanks, Yogi! So glad you enjoyed it.
@magicxboy1 Жыл бұрын
Great insight and analysis👍
@nucleussec Жыл бұрын
Thanks so much!
@erikbutler3450 Жыл бұрын
Great talk
@nucleussec Жыл бұрын
Thanks, Erik!
@jbmaillet Жыл бұрын
16:57 actual dig into the the CVSS EPSS KEV topic. Mostly KEV. 32:51 EPSS. 46:32 Threat / Risk. "Defenders think in lists, attackers thing in graph". 50:40 Asset intelligence.
@jbmaillet Жыл бұрын
And what about SSVC? Maybe next time?
@ordrdchaos Жыл бұрын
Nice overview
@nucleussec Жыл бұрын
Thanks! Glad you enjoyed it!
@kennethshibaba4490 Жыл бұрын
Thanks for this video. What tool are you using?
@patrickgarrity6171 Жыл бұрын
The tool in the video is Nucleus Security
@voyeurvision Жыл бұрын
Do you have a similar demo where GitHub is the ticketing system?
@dennisdarkomensah1920 Жыл бұрын
Thank you very much for this video. It has greatly helped me in my research work.