Vulnerability Management Evaluation Guide – ESW #159

Paul and Matt talk about Deployment, Practice, and Reporting concerning Vulnerability Management.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Vulnerability Management Evaluation Guide

Deployment

  • Cloud vs. On-Prem
  • Authenticated scanning – agents or other?
  • Local scanners?
  • Integrations – Ticketing systems and reporting

Practice

  • Usability
  • Ability to define roles – Should be a tool all of IT can use
  • Coverage of vulnerabilities
  • Does it fit into DevOps and other practices and procedures?
  • Will it apply patches automatically, either natively or through integrations?
  • Other functionality:
    • Web scanning
    • Configuration auditing
    • Asset management
    • File integrity monitoring (FIM)
  • How does it fit into operations?
    • Ticketing
    • Remediation priority and tracking

Reporting

  • How customizable are the reporting and the processes that support remediation?
  • Priorities
  • Compensating controls
  • Executive reports and trending

Hosts

Matt Alderman – CEO
Paul Asadoorian – Founder & CTO

Announcements

  • We have exciting news about the Security Weekly webcast program: we are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.