Vulnerability Management Questions
Elsayed Ahmed
CIO at AIMS
Sep 08 2021

Hi cybersecurity professionals,

I'm looking for your recommendations about penetration testing tools for SMB/SME. 

What would be your choice? Please share a technical description of why would you choose this tool over others.

Thanks in advance.

User at DDD
Jul 16 2021

Hi, I'm doing integration between Tenable and ServiceNow and I'm looking for an API for Tenable Connector into ServiceNow.

Does anyone have good recommendations? 

Thank you!

Evgeny Belenky
IT Central Station
Jul 28 2021

Hi peers,

Which automated tools for penetration testing would you recommend to your colleagues working for enterprises? 

Please share 1-3 reasons why you like those tools.

pentesting automation
VishalDhamkeThere are many automated DAST & SAST tools but from my perspective, there is no… more »
John RendyHi Evgeny, There is one automated penetration testing tool that performs way… more »
Jairo Willian Pereira
Information Security Manager at a financial services firm with 5,001-10,000 employees

Does anyone have recommendations about methodologies (e.g. use of FAIR framework), plug-ins (ETL schemas, FOSS add-ons) or commercial/free solutions (like Kenna) that can help us during "integration, transformation and consolidation" of vulnerability into risks (from Tenable.IO to Archer)?

James DirksenYes, take a look at DeepSurface. It’s designed to automate the process. 
Rony_Sklar
IT Central Station
Jun 15 2021

Is continuous vulnerability scanning essential? 

Are there other approaches to vulnerability management that do not involve continuous scanning?

George FyffeAs data increasingly moves from on-prem to Public Cloud, we need a complete… more »
Gilbert-KabugiI believe vulnerability scanning is usually a scheduled activity where you can… more »
Jairo Willian PereiraYes, essential*. You can start your program, for example, based on "Internet… more »
Rony_Sklar
IT Central Station
Aug 21 2021

In the past vulnerability assessment has been the primary approach used to detect cyber threats. 

Risk-based vulnerability management has become increasingly popular. 

How do each of these approaches work, and which do you think is more effective?

Paresh MakwanaYOU are right that earlier vulnerability assessment was very basic and done as… more »
DavidGilliesAs soon as a vulnerability assessment is complete, it is obsolete. Your… more »
Luis BarreraI think risk-based vulnerability managemente it´s the way to go since you only… more »
Ariel Lindenfeld
Sr. Director of Community
IT Central Station

Let the community know what you think. Share your opinions now!

Fin Nish- Great dashboard - Reporting - Supports multiple formats (PDF, CSV, XML) -… more »
Micheal Iroko-Msc, CISA, CISM, CRISC, COBIT, CEHEnsure compatibility of the vulnerability software to the organization's needs.