Special Webcast: Top Five Vulnerability Management Failures (and Best Practices) – February 11, 2020 3:30pm US/Eastern
- Tuesday, February 11th, 2020 at 3:30 PM EST (20:30:00 UTC)
- David Hazar
You can now attend the webcast using your mobile device!
We have had tools and technology to help us identify vulnerabilities for over 20 years. The Nessus project began in 1998. Qualys and Rapid7 released products shortly thereafter. Tools for identifying vulnerabilities in code were made available around the same time with AppScan, Fortify, WebInspect, and Acunetix being just a handful of early options. The number of identification mechanisms and the maturity of tools has greatly increased over the years, yet we still struggle to eliminate vulnerabilities in our environments. Why can’t we solve this seemingly simple problem?
Obviously, identification is not the key to effective vulnerability management. So, what should we be doing and what are some of the reasons we are failing? Join me as I share examples of the struggles many of my clients are facing and discuss the best practices that can help organizations avoid these failures.
David Hazar is a SANS analyst, instructor and co-author of SANS MGT516: Managing Security Vulnerabilities: Enterprise and Cloud. He also is an instructor for SANS SEC540: Cloud Security and DevOps Automation. With close to 20 years of broad, deep technical experience gained from a variety of hands-on roles serving the financial, healthcare and technology industries, his current areas of focus include vulnerability management, application security, cloud security and secure DevOps. He holds the CISSP, GWAPT, GWEB, GMOB, GCIA, GCIH, GCUX, GCWN, GSSP-.NET and GSTRT certifications.