If you think you’re doing a bad job at vulnerability management, maybe it isn’t as bad as you think.
If you use Retina and BeyondInsight, many vulnerabilities over the past 6+ months may not have been marked as remediated.
The scan results may be accurate, but the analytics module continues to show the vulnerability even after remediation.
Every report you run might have months’ worth of vulnerabilities that aren’t really there.
| Step | With the analytics bug | Expected behavior |
|---|---|---|
| Scan #1 | System has 5 vulnerabilities | System has 5 vulnerabilities |
| Analytics Report #1 | System has 5 vulnerabilities | System has 5 vulnerabilities |
| Admin Remediation | 4 of 5 vulnerabilities are remediated | 4 of 5 vulnerabilities are remediated |
| Scan #2 | System has 1 vulnerability | System has 1 vulnerability |
| Analytics Report #2 | System has 4 current vulnerabilities and 1 was remediated | System has 1 current vulnerability and 4 were remediated |
| Management | Why do we have so many vulnerabilities?! | Great job getting rid of so many vulnerabilities! |
The development team at BeyondTrust worked quickly to produce a fix just a few days after the issue was reported to them, and the fix will be incorporated into the next release. Unfortunately, you might have already been held accountable for poor results.
If you use Retina and BeyondInsight, compare your scan results to your analytics report to see if you have any discrepancies. If you do, you might want to reach out to support for the hotfix.
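One way to run that comparison on exported data, as an added example that is not part of the original post or either product. The CSV layout (`host`, `vuln_id`, `status`), the host names and the `VULN-` identifiers are constructed assumptions, not the real Retina or BeyondInsight export schema.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions for
# illustration, not the Retina or BeyondInsight export schema.
SCAN_2 = """host,vuln_id
srv01,VULN-0005
srv03,VULN-0009
"""
ANALYTICS_2 = """host,vuln_id,status
srv01,VULN-0001,open
srv01,VULN-0002,open
srv01,VULN-0003,open
srv01,VULN-0004,remediated
srv01,VULN-0005,open
srv02,VULN-0007,open
"""

def load(text):
    """Parse a CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(scan_rows, analytics_rows, scanned_hosts):
    """Compare the latest scan with the analytics report per (host, vuln_id).

    scanned_hosts is passed separately because a host that scanned clean
    has no rows in the scan export at all.
    """
    found = {(r["host"], r["vuln_id"]) for r in scan_rows}
    reported_open = {(r["host"], r["vuln_id"]) for r in analytics_rows
                     if r["status"].strip().lower() == "open"}
    result = {"stale_open": [], "unverified": [], "missing_from_report": []}
    for key in sorted(reported_open - found):
        # Only a host the latest scan actually covered can prove remediation.
        bucket = "stale_open" if key[0] in scanned_hosts else "unverified"
        result[bucket].append(key)
    result["missing_from_report"] = sorted(found - reported_open)
    return result

def summarize(result):
    """Count the findings in each discrepancy bucket."""
    return {name: len(items) for name, items in result.items()}

if __name__ == "__main__":
    report = reconcile(load(SCAN_2), load(ANALYTICS_2), {"srv01", "srv03"})
    for name, items in report.items():
        print(name, items)
```

Entries under `stale_open` are the pattern described in the table: the report still lists them as current although the latest scan covered the host and did not find them. `unverified` entries belong to hosts the scan never reached, so they are not evidence of the bug.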
As an IT/Security person, you should question everything.
Don’t blindly trust the data you get from any tool. Constantly check your tools, test them, and compare them against their competitors.