The Biden administration is requiring federal agencies to patch 200 security vulnerabilities that cybersecurity professionals found between 2017 and 2020. Fixing known vulnerabilities could have prevented many recent security breaches.
The Cybersecurity Infrastructure and Security Agency this week released a binding operational directive this week requiring federal agencies to patch known exploited vulnerabilities carrying "significant risk" to the federal enterprise. The directive also established a catalog of nearly 300 vulnerabilities, each with an accompanying due date for taking action. Roughly a third
The move represents a change in strategy for the company, which had previously been keen to acquire other firms to expand its portfolio, including most recently Cloudvisory in January 2020. This was the firm s seventh acquisition, and previously bought the business platform Verodin for $250 million (roughly £190 million) in 2019.
Mandia said the sale of the broader FireEye portfolio to private equity will help to grow the Mandiant Solutions business, which FireEye claims has established its position as the market leader in threat intelligence and security expertise. We believe this separation will unlock our high-growth Mandiant Solutions business and allow both organizations to better serve customers, said Kevin Mandia, chief executive.
This framework for managed service provider (MSP) security would require MSPs to legally meet the 14 cyber security principles that make up the existing Cyber Assessment Framework. These currently apply only to organisations within the UK critical national infrastructure (CNI) sector, those subjected to the NIS Directive, and businesses managing cyber-related risks to public safety.
Under the proposals, organisations may also be asked to instigate policies to protect devices and prevent unauthorised access, ensure data is protected at rest and transit, keep backups secure and accessible, and train staff in cyber security.
“There is a long history of outsourcing of critical services,” said digital infrastructure minister, Matt Warman. We have seen attacks such as ‘CloudHopper’ where organisations were compromised through their managed service provider.