My thoughts on Mythos have started to coalesce:
- 90% of the vulnerabilities it will find will be vulnerabilities you could already find with existing tools. But orgs aren't using those tools consistently or well. Get ahead of this by using existing tools.
- A lot of exploits are going to be chained, so addressing known vulnerabilities and implementing security controls now can help break links in the anticipated exploit chains.
- Organizations should be prepared for expedited patching for vendor and open source software, and prepared to put resources into detecting and remediating vulnerabilities in internal tools.
