In a recent SC Media webcast, host Adrian Sanabria spoke with HD Moore, CEO and Founder at runZero, and his Vice President of Security Research, Tod Beardsley, about emerging practices and technologies reshaping vulnerability management, including continuous exposure assessment, smarter aggregation, and attacker-informed prioritization. This article captures the key takeaways.

A recurring theme was the necessity of thorough asset discovery—knowing what’s on your network is foundational.

“You can’t protect what you can’t see,” Moore said, emphasizing that organizations should use automated solutions to routinely map out infrastructure, including legacy systems and unauthenticated devices. If a vulnerability scanner can’t authenticate to an asset, treat it as a top priority, as lack of visibility poses its own high risk, he added.

Beyond raw vulnerability counts, they cautioned against over-reliance on CVE-based tools and compliance checklists. Many significant threats, such as default credentials or poor configurations, won’t appear in standard reports but are often exploited in real breaches. Security teams should supplement scanning with configuration reviews and ensure that coverage extends to non-traditional devices, like network equipment and third-party IoT.

The panelists said aligning organizational incentives is crucial. Instead of tracking success by the number of vulnerabilities found or remediated, tie metrics to improved visibility and reduced risk across all assets, they said. This encourages teams to seek out blind spots rather than ignore them.

Rapid response also featured heavily in the discussion. Organizations should leverage solutions that alert them to new vulnerabilities based on real-time intelligence and asset inventories, rather than waiting on scanner updates, the panelists stressed. The ability to instantly identify assets affected by a zero-day—through query-based searches—can dramatically accelerate mitigation.

In summary, the webcast underscored that effective vulnerability management hinges on deep asset knowledge, context-aware prioritization, comprehensive coverage—including hard-to-see assets—and rapid adaptability.

By focusing on these practical strategies, the panelists said, organizations can move beyond compliance checkboxes to true risk reduction.
Exposure management, Vulnerability Management
Legacy vulnerability management tools can’t keep up. Here’s the path forward




