FireEye Chief Intelligence Strategist, Christopher Porter had the
opportunity to speak with Jared Semrau, head of our Vulnerability and
Exploitation intelligence team. Jared discusses how his team gathers
information on new and existing exploitable bugs, combines that with
what FireEye knows from engagements and device detections, and how
they map that intelligence to known threat actors. There are a lot of
myths going around about how vulnerability management should be
handled and this discussion helped cut through a lot of that.
Listen to the podcast to join this conversation and to learn why
FireEye rates less than 0.01% of its vulnerabilities as critical,
compared to 10% of vulnerabilities being rated critical by public
sources. Jared did a great job explaining for me how this focus on
only the truly critical and exploitable vulnerabilities helps our
clients better utilize their limited threat hunting resources and keep
operational systems online as much as possible without unnecessary
out-of-cycle patching.