Is Your Vulnerability Management Program Efficient and Successful?
Be organized and efficient. It’s a simple rule of life that makes things run a whole lot smoother.
This is especially important when running your vulnerability management program. There are only so many hours in a day, or rather, only so many hours in a down cycle where the business will let you scan their environment for vulnerabilities!
Let’s assume for a minute that your vulnerability management solution is not safe to run during production hours. (If you’re not using IP360, this may be the case, but that’s a topic for another day!)
Most lines of business will only let the security team scan their environments after hours. These days, that means after about 8 or 9 pm and before 5 or 6 am. That leaves you with somewhere between 8 and 10 scanning hours each night, plus weekends if you’re lucky.
Further to that, some folks who schedule these scans end up with scenarios where they only want to scan the Unix servers supporting application X on Wednesday night, the database servers supporting that application on Friday, the supporting network gear on Monday and the web servers on Sunday morning.
Take that scenario and multiply it by the hundreds of applications, and you have yourself a hot mess of scheduling tasks. I’ve seen some organizations with thousands of scanning windows and tasks that are next to impossible to manage!
This is definitely not fun and can be extremely time-consuming. Who has time for that?
The end result is that you are unsure whether you’re actually covering everything in your environment, and you’re left hoping you didn’t miss recommending remediation for something an attacker can easily take advantage of.
Well, what should we do about this, you ask?
Firstly, when selecting a VM solution, (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Irfahn Khimji. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-management-program-successful/