Vulnerability Management Automation = Good or Bad and for Whom?
Vulnerability Management Automation = Good or Bad and for Whom? Do we believe "highly automated security services" are a good thing? Where does automation work and where does it fall short? The Good: Scale Security Automation can deliver thousands of assessments, on-demand and scale to extremely large estates which require vulnerability management on a regular basis. "Low hanging fruit" can be easily detected but at times Risk can be inaccurate which affects prioritization. Automation still needs to be tuned such that its production safe and does not negatively affect the asset being assessed. Automation can be challenging in relation to authenticated assessments and even more so when multi-factor authentication is used by the asset. Metrics Frequent or on-demand assessments via automation can assist in the provision of ongoing metrics. We can measure TTR (Time To Remediation), Identify most common vulnerabilities, Assist with Root-cause an