Despite steady technological advancements, the success of even state-of-the-art enterprise vulnerability management products depends on their ability to sift through mountains of vulnerability data to find the flaws that are most likely to be exploited.
These are the products of today, but what about the vulnerability management products of tomorrow?
"One of the things I spend a lot of time researching is how do you help prioritize vulnerabilities based on the actual users in your environment?" said Marc Maiffret, chief technology officer of BeyondTrust Inc. and noted security researcher. "There's some cool stuff happening on how you tie back the prioritization of vulnerabilities based on your users and your actual privileges in your environment."
In this interview, conducted at the 2014 RSA Conference, Maiffret discussed not only next-gen vulnerability management, but also the growing importance of cloud vulnerability scanning and the operational challenges of keeping systems in sync to automate vulnerability assessment processes.
Later, Maiffret also discussed the state of Microsoft software security, specifically the "steps in the right direction" the software giant is taking with its Enhanced Mitigation Experience Toolkit (EMET), as well as the software security program at Adobe Systems Inc. and why it needs more time to develop -- and perhaps more support from executive management.
Finally, Maiffret discussed his most important, yet often-overlooked, tip for assessing whether an information technology vendor is truly devoted to secure software development.