Vulnerability Management Best Practices and Common Pitfalls

Explore a comprehensive conference talk on threat and vulnerability management (TVM) that identifies critical aspects often overlooked in the TVM lifecycle. Learn about best practices for architecting deployments, building operational tasks, aligning reporting with business processes, communicating vulnerabilities and risk to stakeholders, and adding automation. Discover common problems in TVM implementations and how to avoid them, including proper patching approaches, discovery methods, vulnerability scanning techniques, and risk management strategies. Gain insights into effective reporting, automation, web application scanning, cloud scanning, and code integration. Whether you're involved in day-to-day TVM operations or architecting new installations, acquire valuable knowledge to improve your organization's vulnerability management practices and align them with business requirements.

Intro
Disclaimer
Prerequisites
Common Problems
Patching Approach
Discovery
Things to avoid
Discovery sweeps
Vulnerability scanning
Authentication vs Unauthenticated
Risk Management
Reporting
Automation
Web App Scanning
Cloud Scanning
Code Integration
Agents