The Verizon DBIR has a lot to say about vulnerabilities. One of the more interesting topics is the large number of 2015 vulnerability exploits that were more than a year old. In a footnote the DBIR authors comment that “Those newly exploited CVEs, however, are mostly – and consistently – older than one year.” The data show that more than 90% of exploited vulnerabilities in 2015 were more than one-year-old and nearly 20% were published more than 10 years ago.   This data is consistent from year-to-year. In 2014, more…

Why would someone create a false choice between analytics or encryption? Well an editor at Dark Reading might decide it’s worthy of clickbait headlines. Thus, we see the following headline yesterday: “As Good as They’re Getting, Analytics Don’t Inherently Protect Data.” This comes courtesy of Scott Petry, CEO of Authentic8. The crux of Mr. Petry’s thesis is that analytics solutions can only detect breaches but they cannot secure data that has already been stolen. True enough. But wouldn’t you want to detect breaches before data is exfiltrated? He does concede…