
4 Steps to Mitigate 95% of Known Vulnerabilities


The article "4 Steps to Mitigate 95% of Known Vulnerabilities" piqued my interest. The Australian DoD also has their top four mitigation strategies (and their top four for Linux). While I like the simplification of 4 things versus 35, it would be great to be able to match up the controls/strategies with the actual percentage of the time each control forces an attacker to adapt or give up. The 2014 Verizon DBIR, for example, states that lost, stolen or weak credentials were used in three-quarters of all attacks, making a strong case for two-factor authentication.

But JP Morgan had two-factor auth as a requirement; they just had one server out of compliance. Would egress filtering have stopped it? That would be very interesting to know.
