Vulnerability management

Vulnerability Management Evaluation Guide – ESW #159

October 31, 2019

 

 

Paul and Matt talk about Deployment, Practice, and Reporting concerning Vulnerability Management.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor's Page

Vulnerability Management Evaluation Guide

Deployment

  • Cloud vs. On-Prem
  • Authenticated scanning - agents or other?
  • Local scanners?
  • Integrations - Ticketing systems and reporting

Practice

  • Usability
  • Ability to define roles - Should be a tool all of IT can use
  • Coverage of vulnerabilities
  • Does it fit into DevOps and other practices and procedures?
  • Will it automatically, through integrations or natively, just apply the patches?
  • Other functionality:
    • Web scanning
    • Configuration auditing
    • Asset management
    • FIM
  • How does it fit into operations?
    • Ticketing
    • Remediation priority and tracking

Reporting

  • How customizable is the reporting and processes to support remediation?
  • Priorities
  • Compensating controls
  • Executive reports and trending

Hosts

[caption id="attachment_210" align="alignleft" width="120"]Matt Alderman Matt Alderman - CEO[/caption] [caption id="attachment_210" align="alignleft" width="120"]Paul Asadoorian Paul Asadoorian - Founder & CTO[/caption]

Guests

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

[audio src="http://traffic.libsyn.com/sw-all/ESW_159_-_Topic-0_converted.mp3"]

prestitial ad