Ivanti Insights

Join us for a stroll down patch memory lane! Ivanti's Chris Goettl invites an old colleague to the show -- Eric Schultze, a former software development leader at Amazon, Microsoft, and Shavlik Technologies -- to look back on the early days of Patch Tuesday and how patch management has evolved over the decades since. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Once again, we're back with all the answers. Traditional vulnerability management comes with many pitfalls, and we're counting down the solutions to all the problems you might be running into. Ivanti's Chris Goettl and Robert Waters break down the back five on our list: a periodic approach to remediation, poor prioritization, lack of business context, overreliance on patch management, and poor metrics and reporting.Be sure to subscribe to our feed so you never miss an insight from the team.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

We promised we'd come back with the solutions to all your vulnerability management problems, so here we are. Plus, we're counting down in unranked order *and* starting from #10 on our list, just to keep you on your toes. Ivanti's Chris Goettl and Robert Waters will go through how you can address resource constraints, siloed tools and data, limited attack surface visibility, inaccurate view of exposures and data overload.And stay tuned for the rest of the list next time! Subscribe to our feed so you don't miss it.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Vulnerability management is not for the faint of heart. The pitfalls are many, and odds are you probably have at least one of these issues. Ivanti's Chris Goettl and Robert Waters run down the list of what can get in the way of vulnerability management done well -- from attack surface visibility to data overload and resource constraints -- all with an eye on how those problems can be addressed. (Which we'll have more on next time. We promise.) Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Ivanti's Chris Goettl and Robert Waters take on four big questions facing cybersecurity today, namely: Who gets the upper hand from AI, cyber adversaries or the legitimate organizations looking to stop them? What's going to win out, Everywhere Work or RTO? Exposure Management: sea change, or passing fad?And what's the bigger security risk, IoT devices or third-party vendors?Listen in for those questions and, if you're listening closely, a few answers too.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Ivanti's Robert Waters welcomes Grand Bank CTO Robert Hanson for a wide-ranging conversation on the emerging field of exposure management and how you can proactively safeguard your organization, because every organization faces risk. What separates the vulnerable from the well-protected isn't whether you have exposure — it's how you manage it.  Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Join Ivanti's Chris Goettl and Robert Waters as they take a Christmas-Carol-themed trip through the emerging field of exposure management, taking a close (and possibly ghostly) look at the past, present, and future of the field. To learn more about Ivanti's exposure management offerings, visit: https://ivanti.com/exposure-managementJoin the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a special episode for Cybersecurity Awareness Month, sourcing five tips from a range of Ivanti employees on how your organization and its users can stay secure. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Securin CEO Ram Movva joins the show to talk all things vulnerability intelligence: how to prioritize according to risk, how to manage your external attack surface and emerging trends in ransomware and security. Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) to cover the dreaded costs of a cyberattack, and how organizations can work to proactively avoid them by addressing three strategic imperatives: attack surface, vulnerability prioritization, and data silos.Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Ivanti's Robert Waters (Lead PMM, Exposure Management) is back with Chris Goettl (VP of Product, Patch Management) for the last of our three episodes covering Verizon's 2024 Data Breach Investigations Report, covering the third-most popular attack vector in breaches today: exploit vulnerabilities. And while they may be #3 in prevalence, they're #1 in Chris and Robert's hearts.To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a follow-up on Verizon's 2024 Data Breach Investigations Report, discussing the two main attack vectors used in most breaches -- phishing and credential attacks -- and how your organization should go about defending itself.  To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes Robert Waters (Lead PMM, Exposure Management) as they discuss the key takeaways from Verizon's latest annual Data Breach Investigations Report: persistent risk from credentials, more and more sophisticated phishing attacks, and the rising prevalence of vulnerability exploits. To view the report yourself, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

What does CSO stand for at your organization? Is it short for Chief Security Officer... or Chief Scapegoat Officer?In this episode, Ivanti CSO Daniel Spicer talks about how he never thought he'd be a CSO, and the unique pressures that security executives face from their own internal leadership teams and external regulations or (worse) insurance companies.Listen in as Daniel and Ashley dig into:What counts as a "breach" -- legally and ethically -- and the conflicting pressures to either report or not.How hackers try to bluff their way into a breach...... and how "breach coach" insurance lawyers may or may not try to pressure teams out of reporting incidents they should.Where to find the best internal allies to help you stand up to undue pressures and maintain your ethical high grounds.The #1 thing security leaders should do during their interview process to make sure they're signing on with the right organizationHow -- if you do get fired due to a breach -- it's not the end of your career as a security professional. Next episode going live June 29, 2023!New episodes publish around the second and fourth Thursdays each month. For all show notes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Daniel Spicer is back! Following up on last episode's discussion on the security risks of overemployment, Ivanti's Chief Security Officer returns to clear up the age-old myth of security tools being abused for employee investigations. Join Daniel, Chris and Ashley as they discuss:What is (and most definitely is not) allowed in an employee investigation -- especially if the Security Team is requested to assistUser and management's misconceptions about security data, and how it's less "Big Brother," and more "Death by Data" The invaluable technique of using HR and Legal both to cover your asks and avoid abuse of security tools during investigationsHow you're more likely to investigate an employee due to a media outlet's DMCA request than overemploymentWhat a manager's "tipping point" is to request a more robust employee investigation, and what would trigger Security to get involvedJoin us for another episode in which empathetic management and a sympathetic legal department might be the best security tools you'll ever deploy when it comes to cracking down on bad employee behavior -- well, that, and a solid VPN / MDM combo. Next episode going live June 29, 2023!New episodes publish around the second and fourth Thursdays each month. For all show notes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Chris and Ashley use the current overemployment media trend as an example case study on evaluating security risks versus potential organizational impact. They cover: How overemployment existed before remote workWeighing the various security implications of overemployment — including shadow IT and insider threatsHow far an organization should go to remediate security risks due to unknown overemployed employees... and the cultural trade offs organizations may be required to make. Next episode going live May 25, 2023!New episodes publish around the second and fourth Thursdays each month. For all show notes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Chris (finally!) adds his insights to the 2023 Press Reset cybersecurity research report, especially how its findings impact vulnerability and patch prioritization processes — do you shoot for mission critical systems, active exploits, or something else first? — and why asset visibility lies at the core of every security framework on the planet. Next episode going live May 25, 2023!New episodes publish around the second and fourth Thursdays each month. For all show notes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

JR Robinson, Head of Platform at generative AI startup Writer, joins VP of Endpoint Security Product Management Chris Goettl and Ashley Stryker to discuss current generative AI use cases for security teams that go beyond just chat bots.(Please. For everyone's sanity… go beyond chat bots.)They'll also preview a deeper webinar discussion with Chief Security Officer Daniel Spicer on the risks and rewards generative AI offers security teams at every organization, airing on April 26 — save your spot and bring your questions to "Generative AI for Infosec and Hackers: What Security Teams Need to Know!" Next episode going live April 11, 2023!New episodes publish around the second and fourth Thursdays each month. For all shownotes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Daniel and Ashley review the latest research report from Ivanti -- Press Reset: A 2023 Cybersecurity Status Report -- including prioritizing phishing and DDoS attacks, security ROI challenges, and why organizations should never increase their cybersecurity budget by sacrificing their IT allocations.Download the full report at Ivanti.com/CybersecurityReport   Next episode drops February 16, 2023! New episodes publish around the second and fourth Thursdays each month. For all shownotes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on Twitter (@GoIvanti) or LinkedIn (linkedin.com/company/Ivanti)

It's vendor risk versus reward!Chris and Amanda educate Ashley on the core considerations, processes and requirements for robust vendor risk management programs... including when to be afraid of your IoT devices, especially those pesky Roomba vacuums and oh-so-convenient self-cleaning litter boxes.Remember to address these three components, no matter if your vendor is a major IT software provider or just your friendly neighborhood paper salesman:What data are you granting your vendor?What can they access?Due diligence and 200+ item questionnaires are everything. Next episode drops February 16, 2023! New episodes publish around the second and fourth Thursdays each month. For all shownotes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on Twitter (@GoIvanti) or LinkedIn (linkedin.com/company/Ivanti)

IT Director Tony Miller goes toe-to-toe with Chief Security Officer Daniel Spicer to justify – or condemn! – IT and cybersecurity posts found on Reddit, featuring a legendary story about hackers that patched endpoints faster than the company itself. #PatchHacksPlus, Ashley frets about the impact of a new security policy on her personal devices, creating an impromptu case study on the importance of explaining (or just reading) new security policies. Next episode drops February 2, 2023! New episodes publish around the second and fourth Thursdays each month. For all shownotes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on Twitter (@GoIvanti) or LinkedIn (linkedin.com/company/Ivanti)

Daniel, Chris, Amanda and Ashley revisit the coordinated disclosure conversation from Episode 25 and apply the prisoner's dilemma thought experiment to create a (more?) perfect vendor disclosure policy.Find shownotes for this episode at Ivanti.com/SecurityInsights-30 Next episode drops December 29, 2022! New episodes publish around the second and fourth Thursdays each month. For all shownotes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on Twitter (@GoIvanti) or LinkedIn (linkedin.com/company/Ivanti)

Amanda and Ashley talk about their experiences as women in the cybersecurity and technology industries. (Spoiler alert: it's on the up-and-up!)Find shownotes for this episode at Ivanti.com/SecurityInsights-29 Next episode drops December 15, 2022! New episodes publish around the second and fourth Thursdays each month. For all shownotes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on Twitter (@GoIvanti) or LinkedIn (linkedin.com/company/Ivanti)

Amanda and Chris share stories proving why your data really is more secure in the cloud than the average on-premises server closet – and what organizations should worry more about when it comes to data security.Find shownotes for this episode at Ivanti.com/SecurityInsights-28    New episodes bimonthly around the second and fourth Thursdays each month. For all shownotes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on Twitter (@GoIvanti) or LinkedIn (linkedin.com/company/Ivanti)

Do you want to work in cybersecurity, but not sure how to start? Ashley and Chris talk to three current cybersecurity experts on how they entered the industry – including Ivanti deputy CSO Amanda Wittern. (Also, bonus update on how Ashley pulled off her social engineering assignment from last episode!)Find shownotes for this episode at Ivanti.com/SecurityInsights-27    New episodes bimonthly around the second and fourth Thursdays each month. For all shownotes, resources and references, head to Ivanti.com/SecurityInsights Join the conversation online on Twitter (@GoIvanti) or LinkedIn (linkedin.com/company/Ivanti)

In this episode, Chris tries to convince Ashley that marketers naturally make excellent hackers, based on modern phishing attacks and techniques… And Ashley confirms his guess by revealing the lengths to which marketers will go to “spoof” natural conversation and drive their target audience to take action.Referenced materials:The DarkNet Diaries Podcast, Episode 69: Human Hacker - https://darknetdiaries.com/transcript/69/Ashley's “Social Engineering” booklist - https://www.amazon.com/hz/wishlist/ls/1INOW5WGDDUO5?ref_=wl_share*~*~*Visit us on: LinkedIn: https://www.linkedin.com/company/ivanti/ Twitter: https://www.twitter.com/GoIvanti/Facebook: https://www.facebook.com/GoIvanti/Instagram: https://www.instagram.com/goivanti/Blog: https://www.ivanti.com/blog

Security Insights welcomes its new host, Ashley Stryker, into the mix! In today's episode, Chris Goettl and Daniel Spicer break down some backlash from Microsoft customers on their failure to disclose a “ninja patch” on a vulnerability researchers found months before the fix. Listen in as the trio discuss security transparency and best practices for vendor coordinated disclosures of vulnerabilities for cloud versus on-prem products and much more!~*~Ivanti automates IT and security operations to discover, manage, secure and service from cloud to edge. Visit us on: LinkedIn: https://www.linkedin.com/company/ivanti/ Twitter: https://www.twitter.com/GoIvanti/ Facebook: https://www.facebook.com/GoIvanti/ Instagram: https://www.instagram.com/goivanti/ Blog: https://www.ivanti.com/blog

Hello and welcome back to this week's episode of Ivanti's Security Insights! Today Chris Goettl and Daniel Spicer go over their takeaways from the recent Gartner Security & Risk Management Summit.Chris is the Vice President of Product Management for Advantage Endpoint Security Products while Daniel is the chief Security Officer here at Ivanti, and together they discuss trends and topics bouncing around in the security world. For more information, check out www.ivanti.com! Be sure to follow us on our socials @goivanti for more episodes like this!*~*~*Ivanti automates IT and security operations to discover, manage, secure and service from cloud to edge. Visit us on: LinkedIn: https://www.linkedin.com/company/ivanti/ Twitter: https://www.twitter.com/GoIvanti/ Facebook: https://www.facebook.com/GoIvanti/ Instagram: https://www.instagram.com/goivanti/ Blog: https://www.ivanti.com/blog

We're back and ready to roll with this week's episode where our host Chris Goettl interviews Chad Holmes and Daniel Brody from Cynario. Today they discuss healthcare and security through EMT devices and much more.Watch to learn more about how cyber security is assisting healthcare innovation! For more information, check out Cynario's website www.cynerio.com or their social media @cynerio. Be sure to follow us on our socials @goivanti for more episodes like this! 

In our first episode of 2022, Chris Goettl and Daniel Spicer unpack one of last year's biggest vulnerabilities: Apache Log4j. The conversation includes:What is Log4j?The difficulty of detecting Log4j and developing guidance for organizationsWhy security teams and IT teams are stuck in a Catch 22 of patchingThe latest guidance you can use for your organizationCheck out cisecurity.org and Ivanti's article on Log4j

Host Adrian Vernon sits down with Daniel Spicer to bust some cybersecurity myths! The list of myths include:Passwords should be changed every 30 daysYou shouldn't write down your passwordMulti-factor Authentication is not secureYou don't need antivirusVPNs keep my devices safe and secureIT is responsible for all of the cybersecurity at an organization"Stay safe, be secure, and keep smiling!"

Host Adrian Vernon is joined by Ivanti's Senior Vice President of Security Products Sri Mukkamala, CEO of Cyber Security Works (CSW) Aaron Sandeen, and Senior Intelligence Analyst at Cyware Neil Dennis. They break down the recent collaborative Ransomware Index Spotlight Report to make sure you are up to date on today's cybersecurity landscape. The conversation includes:How the report was put togetherWhat you can expect from the reportThe importance of the collaborationSurprising contextsWhy a yearly compliance checkpoint may not be enoughThe possible future of ransomwareCYBER HYGIENE!Check out the report at ivanti.com

Adrian gets some insight from Chris and Daniel on some recent supply chain attack events.The conversation includes:The unique agenda of nation state attacksThe numbers game associated with cloud services attacksThere are way more attacks than what get covered in the newsWhat makes an attack a "Supply Chain Attack"Microsoft's recommendations for providers and customersProactive steps you can takeFor more on supply chain attacks check out our episode The Human Element of Preventing Supply Chain Attacks 

Host Adrian Vernon is joined by the usual cast, Daniel Spicer and Chris Goettl, to talk about Cyber Security Awareness Month and some of the best security practices from experts that have seen it all! The conversation includes:When to rotate your credit cards and more!Why going paperless when you can is so important, and if you can't, get a shredder!Best travel cyber hygiene practices for your personal devicesWifi security in the air and on the roadWhen it's appropriate to bring separate travel-only devicesThe importance of using power packs while in airportsWhen and how to use social media while you are traveling

Host Adrian Vernon and VP of Product Management Chris Goettl break down some of the biggest headlines in the world of cybersecurity right now! The conversation includes:The recent critical security flaw of Apple devicesHow threat actors use remote code execution to mine cryptocurrencyLesson's learned from the SolarWinds breachActions to take as cybersecurity threats increaseOctober is Cybersecurity Awareness Month!

Host Adrian Vernon, VP of Product Managment Chris Goettl, and Chief Security Officer Daniel Spicer talk about the hottest buzzword in security right now: Zero Trust! The conversation includes:What Zero Trust is and what benefits it brings to securityAn overview of the federal government adopting the Zero Trust strategyThe Zero Trust maturity modelWhat it takes for a company to begin moving to Zero TrustThoughts on missing elements from the Biden executive order and what we'd like to see added or changedThe importance of making sure work can still get done with Zero Trust in place

Host Adrian Vernon, VP of Product Managment Chris Goettl, and Chief Security Officer Daniel Spicer give you the rundown on everything Cyber Insurance! The conversation includes:What Cyber Insurance covers and why it's importantWhat you need to know to be prepared for your conversation with a brokerHow to save MONEY on your planThe Cyber Insurance grey area and avoiding fines

Host Adrian Vernon, VP of Product Managment Chris Goettl, and Chief Security Officer Daniel Spicer talk about the future of artificial intelligence and machine learning in cyber security including:The beginning of AIHow AI and ML benefit organizations How AI and bots are used to attack organizationsWhat kinds of AI will we need to stand up to those attacks? How do we get Skynet to go up against Ultron?The human element behind AI and the danger of over-automation

Host Adrian Vernon, Sr. Director of Product Management Chris Goettl, and CEO of RiskSense Sri Mukkamala talk about the recent news of the Ivanti and RiskSense team up and what it means for patch management moving forward!The conversation includes:The history of RiskSenseThe importance of "Proactive Response"Some insights on the current realities in our world of vulnerabilitiesWhy the White House is encouraging a risk-based assessment strategyBest practices on approaching the challenges that organizations faceCyber Hygiene!

Host Adrian Vernon, Sr. Director of Product Management Chris Goettl, and VP of Security Daniel Spicer explore recent challenges concerning the rise in supply chain attacks.The conversation includes:How a supply chain can be attacked and why organizations should careThe reality of building systems using multiple off the shelf products and the importance of making sure those products and vendors are secureBest practices around defending against supply chain attacksThe new cybersecurity executive order

We are taking a break this week for Ivanti's Summer of Security, but don't worry we'll be back next week! Until then, if you missed it, check out one of our favorite episodes: The Balancing Act of Staying Secure While Working From Home.Host Adrian Vernon, Ivanti's Chef Security Officer Phil Richards, and Sr. Director of Product Management Chris Goettl discuss the new security landscape formed by the "new normal" of remote working including:Ivanti's new Secure Consumer Cyber Report revealing chilling insightsThe "Password Nirvana"The importance of two-factor authentication on your personal devices

Host Adrian Vernon, Ivanti's Chef Security Officer Phil Richards, and Sr. Director of Product Management Chris Goettl cover some recent data on ransomware attacks.The conversation includes:History on the earliest known ransomware attacksThe recent explosion in value of ransomsThe concept of the trustworthy threat actorHow threat actors adapt to the digital landscape, quarter by quarter

Host Adrian Vernon, Ivanti's Chef Security Officer Phil Richards, and Sr. Director of Product Management Chris Goettl talk about the everywhere workplace!The conversation includes:Surprising numbers from a brand new Ivanti surveyPerspectives on the value of the everywhere workplaceThe role Covid-19 played on the everywhere workplacePredictions on what the everywhere workplace looks like moving forwardViews on wearing pants during remote meetings

Host Adrian Vernon and  Sr. Director of Product Management Chris Goettl get an opportunity to talk with "the world's most connect human" and author of Don't Unplug: How Technology Saved My Life and Can Save Yours Too, Chris Dancy!In this second part, the conversation includes:The "Everywhere Workplace" and staying conscious about security and safetyGPS trackersChris' take on "Technology can be good, or it can be easy, but it can't be both"Chris' experience with tech and solutions designed to circumvent the dreaded passwordUnderstanding "We don't know how to measure what we care about, so we care about what we measure"Visit chrisdancy.com to connect with the world's most connected human!

Host Adrian Vernon and  Sr. Director of Product Management Chris Goettl get an opportunity to talk with "the world's most connect human" and author of Don't Unplug: How Technology Saved My Life and Can Save Yours Too, Chris Dancy!In this first part of two, the conversation includes:Where Chris' moniker came fromWhat it means to be "the world's most connected human"Why you may be more connected than you think you areHow unplugging, in some cases, can lead to missed personal connectionsUnderstanding where technology fits in helping you obtain the things you value, such as exercise or being creative

Host Adrian Vernon, Ivanti's Chef Security Officer Phil Richards, and Sr. Director of Product Management Chris Goettl discuss the threat you probably weren't fully aware of: The QR code!The conversation includes:QRurbYour Enthusiasm 2021: Why the QR code Remains a Top Security Threat and What You Can Do About It reportWhat a QR code is and how it worksHow QR codes have risen in popularity with the need for "touchless" solutionsThe possible vulnerabilities that could be exploited in QR codesThe importance of keeping your mobile device secure

Host Adrian Vernon, Ivanti's Sr. Director of Product Management Chris Goettl, and first time guest Bart Westering, Ivanti's VP of Security Engineering, discuss DevOps, DevSecOps, and more!The conversation includes:What is DevOps?What is the difference between DevOps and DevSecOps?Best practices around adopting or maturing your DevOps processWhat can happen when DevOps processes fall apart

Host Adrian Vernon, Ivanti's Chef Security Officer Phil Richards, and Sr. Director of Product Management Chris Goettl discuss the new security landscape formed by the "new normal" of remote working including:Ivanti's new Secure Consumer Cyber Report revealing chilling insightsThe "Password Nirvana"The importance of two-factor authentication on your personal devices

Host Adrian Vernon, Ivanti's Chef Security Officer Phil Richards, and Sr. Director of Product Management Chris Goettl discuss the inherent privacy concerns social media can bring including:Understanding the newest platform: "Clubhouse"How your social media data is collected and usedSocial media privacy best practices

Host Adrian Vernon and Ivanti CSO Phil Richards discuss how companies can avoid and deal with ransomware attacks, including:Training employees to not open suspicious emails and links that make networks vulnerable to ransomwareThe security vulnerabilities of old or unpatched softwareThe pros and con of having backupsHow to use credential management to combat privilege escalationConnect with Phil on LinkedIn

Ivanti Senior Director of Product Management, Chris Goettl, and Chief Security Officer, Phil Richards, join host Adrian Vernon to discuss the recent cyber attack that affected many dozens of organizations around the world, including multiple U.S. government agencies.