Half off topic: how do you deal with infosec information overload?
Repetitive headlines from multiple sources, considering most of them you must follow anyway…
99% of cybersecurity news is what I call "cyberslop" and probably actively harmful to consume.
The vast majority of it is either so trivial that somebody else handled it, and you don't need to do anything. Like they often overhype a malware that doesn't do any novel techniques to get onto your systems and has already been added to the antivirus database anyways.
Or it's so grand in scale that you can't do anything, like nation states doing nation state things. Interesting yes, but it's ultimately a waste of my time to consume because it's not actionable.
Only a tiny fraction of news is actually actionable. It's usually stuff like CVEs or zero-days and the like. I just only really pay attention to those and ignore everything else.
Better is probably to subscribe to an actual vulnerability feed so you don't have to go through the news cycle.
Even looking at CVE causes so much fatigue.
Actually I ended up deploying OpenCVE with very few alerts, for high CVSS scores only, for critical assets like domain controllers, firewall and VPN gateway.
Even that can't be the only trusted and exhaustive source, because sometimes you miss a vulnerability that affects your product but is not directly assigned to it.
(-‸ლ)
[edit]: added ascii art meme stay off topic
How many devices and of how many types do you manage with how many people?
Automatic patching is another solution.
Of course it's difficult on the tech side. You can do something like failover/high availability, and then auto update one and it fails over if something breaks.