Gartner Blog Network

Category: 'vulnerability-management' Blog Posts

from the Gartner Blog Network

We Scan and We Patch, but We Don’t Do Vulnerability Management

by Anton Chuvakin  |  May 14, 2018

Lately, we’ve been flooded with calls about vulnerability management (VM). Many of the calls seem to be from organizations of medium to low security operations maturity, that are just starting...

Read more »

The Virtual Patch Analyst

by Augusto Barros  |  March 7, 2018

Is there a need, or place for a "virtual patch analyst"? If you look at our guidance on vulnerability management, you’ll see that one of the key components we suggest...

Read more »

All My Research Published in 2017

by Anton Chuvakin  |  December 28, 2017

To make it easy for the readers to find my research, here is the list of everything I published in 2017 [most co-authored with Augusto Barros]. Gartner GTP access is...

Read more »

Our new Vulnerability Assessment Tools Comparison is out!

by Augusto Barros  |  August 2, 2017

Vulnerability assessment is usually seen as a boring topic and most people think the scanners are all equal - reaching the "commodity" status. Well, for basic scanning capabilities, that's certainly...

Read more »

Update to our Vulnerability Management Guidance Doc

by Augusto Barros  |  June 22, 2017

Our updated Vulnerability Management Guidance document has just been published. It is a refinement to the guidance framework we created a couple of years ago. The focus on this one...

Read more »

WannaCry or Useful Reminders of the Realities of Vulnerability Management

by Anton Chuvakin  |  May 18, 2017

WannaCry whatever. Not that I am keyword trawling, but this recent Windows XP/NSA/North Korea/ransomware/bitcoin/OMG drama made me think about good old vulnerability management again – especially given that it is...

Read more »

Paper on Pentesting and Red Teams is OUT!

by Augusto Barros  |  April 18, 2017

As anticipated here, my short paper on pentesting and red teams is finally out. It was a fun paper to write as it follows a new model for us, GTP...

Read more »

So You Want To Build A SOC?

by Augusto Barros  |  October 17, 2016

Now you can! But should you do it? As anticipated here and here, our new paper about how to plan, design, operate and evolve a Security Operations Center is out! This...

Read more »

Notes From My First Security Summit

by Augusto Barros  |  July 5, 2016

I've finally found some time to collect my notes and impressions from my first Gartner Security and Risk Management Summit, back in June. I delivered one full session on Vulnerability...

Read more »

Is It Really Failing That Bad?

by Augusto Barros  |  December 8, 2015

One of Gartner's 2016 predicts documents includes a very interesting finding about vulnerabilities being exploited:  Existing vulnerabilities remain prevalent throughout the threat landscape, as 99.99% of exploits are based on...

Read more »