A Holistic, Enterprise-Wide Strategy is Essential
- Many scanning tools provide information about the severity of vulnerabilities. That severity information needs to be part of your aggregated threat intelligence.
- Continuous scanning is an important part of any vulnerability management program, both for detecting vulnerabilities and for validating remediation.
“You need to get that holistic life cycle in place and make sure that you have buy-in from all the other technical teams. You need that because you can’t do security by yourself.”
“One of the biggest things I see in complex IT environments is people being paralyzed by all the analysis that needs to happen and all these tools that are telling you there are lots of threats in the environment,” says Bobby Adams, who heads a team responsible for security architecture at a large brokerage firm. Paralysis sets in when people are faced with too many alerts and not enough resources to analyze or remediate them properly.