I recently spoke with Jason Norred, CISO at Solutions II. Solutions II provides a comprehensive mix of IT, security, and managed services offerings for its customers. Jason is responsible for the corporate security program at Solutions II as well as the security practice that is developing and driving security solutions for their clients.
Today, we discussed the approach Solutions II takes with exposure management. Solutions II uses a variety of traditional vulnerability management tools, other security tools such as EDR, in addition to open source intelligence data. With so many sources, it’s challenging to validate the data.
Jason also discusses the limitations of vulnerability scanners and assessments as they’re reporting on CVE data that may or may not be factual and correct.
Sevco correlates vulnerability information with assets, exposures, and detailed business context to prioritize the critical assets that need a higher level of scrutiny when vulnerabilities are detected on them and simplifies the processes of uncovering the root causes of patching issues. And because Sevco validates remediation on the asset level, Jason shares how he uses Sevco to measure and confirm the effectiveness of remediation efforts and risk reduction.