How many of these devices do we have in our asset inventory?
Do they have a cvss score yet?
Let’s just do it ourselves with an ssvc score.
Can this be exploited remotely?
Call crowdstrike, tell them to get a network detection written and deployed.
How long do we have before the quarterly audit?
Can our soc do threat hunts against this?
Get me the RTOs, RPOs, and business impact assessment.
Let’s MOVE, people!
What!
How many of these devices do we have in our asset inventory? Do they have a cvss score yet? Let’s just do it ourselves with an ssvc score. Can this be exploited remotely? Call crowdstrike, tell them to get a network detection written and deployed. How long do we have before the quarterly audit? Can our soc do threat hunts against this? Get me the RTOs, RPOs, and business impact assessment. Let’s MOVE, people!