Posted by: Tony Bradley
nCircle, patch, Patch Priority Index, PPI, update
At the RSA Security conference in San Francisco today, nCircle announced a new program: Patch Priority Index™. The free, publicly available Patch Priority Index (PPI) provides an extensively researched list that global IT security teams can use to effectively prioritize the most critical vulnerabilities for immediate remediation. The PPI is updated monthly to provide security teams the quickest, most efficient path to a more secure network.
The nCircle PPI is created by nCircle’s Vulnerability and Exposure Research Team (VERT), a group of highly skilled security research engineers that develop vulnerability and configuration checks for nCircle’s agentless auditing solutions. VERT uses a range of unique sources and reviews a variety of criteria, selecting the most severe issues that can be patched in a given month as candidates for the list. For a vulnerability to be included on the PPI list, it MUST have a patch available. VERT researches each vulnerability and ranks them using the following criteria:
· Attack Vector
· CVSS Score
· Availability of Public Exploit Code
· Popularity of the Service or Software
· Customer Feedback
· Worst-Case Attack Scenarios
· Attack Outcome
“Deploying software patches is a complex process even for smaller organizations,” said Lamar Bailey, director of security research and development for nCircle. “Companies need deep security knowledge to identify and prioritize the software updates that will translate into the greatest security improvements. VERT’s security experts created PPI to give every business access to an up-to-date, prioritized ‘patch immediately’ list that translates directly into a more security network.”
The nCircle Patch Priority Index will be updated monthly and is publicly available to any IT security professional.