Skip to main content

4 Steps to Mitigate 95% of Known Vulnerabilities

The article "4 Steps to Mitigate 95% of Known Vulnerabilities" piqued my interest.  The Australian DoD also has their top four mitigation strategies (and their top four for Linux).  While I like the simplification of 4 things versus 35, it would be great to be able to match up the controls/strategies with actual percentage of time the control forces an attacker to adapt or give up.  The 2014 Verizon DBIR, for example, states that lost, stolen or weak credentials were used in three-quarters of all attacks making a strong case for two-factor authentication.

But JP Morgan had two-factor auth as a requirement, they just had one server out of compliance. Would egress filtering have stopped it?  That would be very interesting to know.

Current rating: 1

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom