Vulnerability Management Questions
Jairo Willian Pereira
Information Security Manager at a financial services firm with 1,001-5,000 employees
Feb 05 2021

Does anyone have recommendations about methodologies (e.g. use of FAIR framework), plug-ins (ETL schemas, FOSS add-ons) or commercial/free solutions (like Kenna) that can help us during "integration, transformation and consolidation" of vulnerability into risks (from Tenable.IO to Archer)?

James Dirksen: Yes, take a look at DeepSurface. It’s designed to automate the process.

Ludwing Caviedes
VP Innovation and Development at Coinsa SAS

I'm a VP Innovation and Development at a small Tech Services company. Is it possible that a single vulnerability analysis software does not detect the entire spectrum of threats?

Avraham Sonenthal: No single product will detect all vulnerabilities. That is why in security we…
Vladimir Jirasek: Short answer: No. Long one: start with vulnerability assessment for your key…
George Fyffe: You won't find a single tool that will report on all the vulnerabilities that can…

IT Central Station

Is continuous vulnerability scanning necessary? Are there other approaches to vulnerability management that do not involve continuous scanning?

George Fyffe: As data increasingly moves from on-prem to Public Cloud, we need a complete…
Gilbert-Kabugi: I believe vulnerability scanning is usually a scheduled activity where you can…
reviewer1050960: Because the Technology landscape is constantly changing, the Threat landscape is…

Senior System Engineer at Trianz

I'm a Senior System Engineer at a mid-sized enterprise. I am comparing Qualys VM and Tenable Nessus: 

  • What are their exact differences?
  • Which is good for IT industries?
  • What are their pros & cons?
IT Central Station

In the past vulnerability assessment has been the primary approach used to detect cyber threats. Risk-based vulnerability management has become increasingly popular. How do each of these approaches work, and which do you think is more effective?

Paresh Makwana: You are right that earlier vulnerability assessment was very basic and done as…
DavidGillies: As soon as a vulnerability assessment is complete, it is obsolete. Your…
Luis Barrera: I think risk-based vulnerability management it's the way to go since you only…

Ariel Lindenfeld
Sr. Director of Community
IT Central Station
Feb 04 2021

Let the community know what you think. Share your opinions now!

Fin Nish: - Great dashboard - Reporting - Supports multiple formats (PDF, CSV, XML) -…
Micheal Iroko-Msc, CISA, CISM, CRISC, COBIT, CEH: Ensure compatibility of the vulnerability software to the organization's needs.