DEF CON is Here: A Reminder to Manage and Remediate Security Vulnerabilities of Your Third Parties

July 28, 2017

Every year I like to take a look at the talks at Black Hat and DEF CON to see if there are areas of risk I need to review. This year, like others, has focused on different hacking and defensive techniques. It also included a theme on cloud components as well as IoT, and new vulnerabilities within both. If your organization develops these products, you have the ability to talk with the development teams and review the devices for the vulnerabilities.  

However, many of us are not able to review these devices for vulnerabilities very easily. If you fall into this camp, you will need to have conversations with the vendors and manufacturers about their controls and specifics, which is a manual and grueling process. Luckily, organizations can leverage their third-party risk management processes, if they have them, along with the ability to create customized questionnaires, to address these vulnerabilities with their manufacturers.

In Three Steps for Management and Remediation of Security Vulnerabilities, I shared how organizations would look for vulnerabilities within their vendors. This same process applies to IoT and cloud systems. In preparation for this week’s activities, it might be a good step to review your organization and perform any preparations you can. Some key areas that stood out this year include:

  • Exposure areas – Understand where your key exposure areas may be, including operating systems and other systems on your network
  • Third-party risk – Define your key third parties and the technologies being used to deliver critical business services
  • Incident response program – Take a quick moment to review and share your incident response plan and runbook, adding in some quick stopgaps (i.e., do you know what to do for cloud, IoT and third parties?)

To ensure your vulnerability response program is comprehensive, dedicating time and resources to your third-party risk management program is a must, and there is no better time than the present.


By: James Robinson

Vice President, Third-Party Risk Management
