The black hats have a significant advantage over the good guys. They have better knowledge of the vulnerabilities in our systems than the defenders do. How? Because they develop exploits and continually test them for efficacy before releasing them in the wild. But 0-day exploits are the least of our problems from a volumetric perspective. There’s much more ‘low hanging fruit’ for the picking, with over 14,000 known vulnerabilities (non-0day) with a CVSS rating of 7 or higher. But how will we know where these holes exist when current penetration testing tools support only about 10% of the vulnerabilities. This is an asymmetrical advantage for the bad guys.
Together, we can level the playing field, and more. Details to be announced here.
Vik Phatak serves as Chairman and CTO of NSS Labs. He most recently served as CTO for Ambiron Trustwave (ATW), the world’s largest PCI assessor. Vik joined ATW following its acquisition of Lucid Security Corporation, a company founded by Mr. Phatak in 2002. Mr. Phatak is an intrusion prevention pioneer and one of the Information Security industry’s foremost thought leaders on vulnerability management and threat protection. Prior to Lucid, Phatak served as Global Manager of Enterprise Internet and Security Services at Teleflex, a publicly-traded global manufacturing company, and served as a co-founder of Intermedia Sciences Group, Inc., a security consulting firm.