Gartner Blog Network

Tag: 'vulnerability-assessment' Blog Posts

from the Gartner Blog Network

BAS and Red Teams Will Kill The Pentest

by Augusto Barros  |  February 14, 2018

With our research on testing security methods and Breach and Attack Simulation tools (BAS), we ended up with an interesting discussion about the role of the pentest. I think we...

Read more »

Our new Vulnerability Assessment Tools Comparison is out!

by Augusto Barros  |  August 2, 2017

Vulnerability assessment is usually seen as a boring topic and most people think the scanners are all equal - reaching the "commodity" status. Well, for basic scanning capabilities, that's certainly...

Read more »

It's Here! Our New VM And VA Papers Have Been Published

by Augusto Barros  |  November 17, 2015

I'm very happy to announce that my first research papers have just been published on Gartner.com! These documents are the result of the work Anton and I did on Vulnerability...

Read more »

Vulnerability Management: Have We Reached a Best Practices Plateau?

by Augusto Barros  |  September 30, 2015

During our work to refresh existing Vulnerability Management and Vulnerability Assessment research papers (here and here - GTP access required) we (Anton Chuvakin and I) talked with vendors on the...

Read more »

My Vulnerability Assessment Technology Paper Publishes!

by Anton Chuvakin  |  March 21, 2012

If you are done reading  my “Vulnerability and Security Configuration Assessment Solutions Comparison”, time to start on the next opus grandioso. My “Vulnerability Management Practices and Vulnerability Assessment Technology” just...

Read more »

My Vulnerability Assessment Paper Publishes!

by Anton Chuvakin  |  March 8, 2012

One of the three vulnerability assessment papers I’ve been working on published today. “Vulnerability and Security Configuration Assessment Solutions Comparison” is an in-depth look at vulnerability assessment tools used by...

Read more »

On PCI DSS and Scanning

by Anton Chuvakin  |  December 16, 2011

PCI DSS and vulnerability scanning are maybe not brothers, but definitely close relatives. PCI DSS mandates that scanning actually happens on schedule, while vulnerability assessment helps find the holes  that...

Read more »

On Vulnerability Management and Clouds

by Anton Chuvakin  |  November 14, 2011

This is about “clouds”, so everybody must read it   Specifically, this was inspired by this insightful LinkedIn discussion about large-scale vulnerability management where many notable VA/VM personalities chimed in...

Read more »

On LARGE Scale Vulnerability Management

by Anton Chuvakin  |  October 31, 2011

Vulnerability management is very easy, really. Get a scanner, scan a system, peruse the report listing all the flaws, then go and fix them. Done! Risk is presumably reduced and/or...

Read more »

On Scanning “New” Environments

by Anton Chuvakin  |  October 17, 2011

First, I want to thank my readers for a lot of insightful comments to my previous post: “On Vulnerability Prioritization and Scoring.” It helped me refine some of the key...

Read more »