DESCRIPTION

Vulnerability management is essential for most companies today. Either you are driven by norms and standards to introduce one or, and this makes much more sense, they have recognized the need to close the weak points of their company.

Even before the first scan runs, however, you should first deal with the scope of the systems to be tested. A comparison to better understand the challenge is: a craftsman who wants to hammer a nail into the wall uses a hammer and not a chainsaw. The same applies to vulnerability management. Using an IP and port based scanner to check the security of a web domain can be an almost impossible task. Therefore, companies should deal with the audit scope at an early stage, i.e. the systems to be analyzed for vulnerabilities. The different types of systems may also make it necessary to use more than one tool. But choosing the right tools is often not easy thanks to almost unbelievable marketing promises from various manufacturers.

Unfortunately, there is no golden bullet for a VMS. We will present some Do's and Dont's illustrated on real-world project examples.

WHY THE COMMITTEE CHOSE THIS TALK

Usually a company already knows its security problems. But fixing needs a good strategy that can be implemented in the company over and over again. Every practical advice helps.

SPEAKER

Hanno Schaz

Julian Geils