Defense in Depth

Vulnerability Management ≠ Vulnerability Discovery

Dec 5, 2024

Yaron Levi, the CISO of Dolby and an expert in cybersecurity and vulnerability management, dives deep into the distinctions between vulnerability discovery and management. He emphasizes that without knowing what vulnerabilities exist, effective management is impossible. Discussion revolves around the ongoing nature of vulnerability management, the need for prioritization, and the fascinating role of AI in reducing alert fatigue. Levi's insights reveal that context and collaboration are vital for creating a robust cybersecurity strategy.

28:39

Creator website

Episode guests

Yaron Levi

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Effective vulnerability management requires a deep understanding of assets, prioritization, and risk acceptance rather than just focusing on discovery.

Organizations must move beyond traditional scanning methods to ensure vulnerabilities are addressed based on their actual impact and business context.

Deep dives

The Shift from Discovery to Remediation

Cybersecurity teams primarily focus on managing vulnerabilities rather than simply discovering them. Historically, the process began with vulnerability scans that identified issues but lacked the necessary remediation steps. It became apparent that merely generating long lists of vulnerabilities created challenges in prioritization and accountability, often leading to crucial vulnerabilities being overlooked. A more effective approach emphasizes starting from remediation needs and working backwards to ensure vulnerabilities are appropriately addressed based on their impact and risk to the organization.

Intro

2min

Holistic Vulnerability Management

10min

Navigating Vulnerability Management and Prioritization

5min

Navigating Vulnerability Management

8min

Understanding Context in Vulnerability Management

3min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Yaron Levi, CISO, Dolby.

In this episode:

You can’t manage what you don’t know you have
Vulnerability management doesn’t have an endpoint
This is about tradeoffs
A unique approach

Thanks to our podcast sponsor, Intezer

Intezer’s AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Defense in Depth

Vulnerability Management ≠ Vulnerability Discovery

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Shift from Discovery to Remediation

The Complexity of Vulnerability Management

The Importance of Asset Management

Remember Everything You Learn from Podcasts