1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Why aren’t you vulnerability scanning more often?

Discussion in 'CSO' started by RSS, Mar 24, 2015.

  1. RSS

    RSS New Member Member

    I’ve always been curious about companies that scan their enterprises for vulnerabilities once per quarter or even once per year. Why is this the case exactly? I’ve worked in these environments and I've heard all manner of excuses as to why this was an issue. “We can’t have any outages because it is a critical roll out for $project and we can’t have any downtime.” That one was always one of my favorites.

    No matter what the rationale was there never failed to be an issue that would slow things down. There were several organizations that I worked in over the years that would severely constrain scanning activities to the point of abject frustration on my part. The worst of the lot only allowed for scanning once per year and only on select systems. The point of this was completely lost on me until I realized that most of the aforementioned systems would be offline for “maintenance” during the scanning windows. I finally got to the point where I would scan at off hours and figured that I would fall on my sword if I was dragged on the carpet for the inquisition. Could have been a career limiting move in many ways but, lucky for me in panned out.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page