Vulnerability management

Vulnerability Management Evaluation Guide – ESW #159

October 31, 2019



Paul and Matt talk about Deployment, Practice, and Reporting concerning Vulnerability Management.


Vulnerability Management Evaluation Guide


Deployment

  • Cloud vs. On-Prem
  • Authenticated scanning - agents or other?
  • Local scanners?
  • Integrations - Ticketing systems and reporting


Practice

  • Usability
  • Ability to define roles - Should be a tool all of IT can use
  • Coverage of vulnerabilities
  • Does it fit into DevOps and other practices and procedures?
  • Will it automatically, through integrations or natively, just apply the patches?
  • Other functionality:
    • Web scanning
    • Configuration auditing
    • Asset management
    • FIM
  • How does it fit into operations?
    • Ticketing
    • Remediation priority and tracking


Reporting

  • How customizable is the reporting and processes to support remediation?
  • Priorities
  • Compensating controls
  • Executive reports and trending


Hosts: Matt Alderman - CEO; Paul Asadoorian - Founder & CTO


