Paul and Matt talk about Deployment, Practice, and Reporting concerning Vulnerability Management.
Visit https://www.securityweekly.com/esw for all the latest episodes!
To learn more about our sponsors visit: The Security Weekly Sponsor’s Page
Vulnerability Management Evaluation Guide
- Cloud vs. On-Prem
- Authenticated scanning – agents or other?
- Local scanners?
- Integrations – Ticketing systems and reporting
- Ability to define roles – Should be a tool all of IT can use
- Coverage of vulnerabilities
- Does it fit into DevOps and other practices and procedures?
- Will it automatically, through integrations or natively, just apply the patches?
- Other functionality:
- Web scanning
- Configuration auditing
- Asset management
- How does it fit into operations?
- Remediation priority and tracking
- How customizable is the reporting and processes to support remediation?
- Compensating controls
- Executive reports and trending
- We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand