EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation скачать в хорошем качестве

EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation

Guest: • Caleb Hoch (  / caleb-hoch  ) , Consulting Manager on Security Transformation Team, Mandiant, Google Cloud Topics: • How has vulnerability management (VM) evolved beyond basic scanning and reporting, and what are the biggest gaps between modern practices and what organizations are actually doing? • Why are so many organizations stuck with 1990s VM practices? • Why mitigation planning is still hard for so many? • Why do many organizations, including large ones, still rely on unauthenticated scans despite the known importance of authenticated scanning for accurate results? • What constitutes a "gold standard" vulnerability prioritization process in 2025 that moves beyond CVSS scores to incorporate threat intelligence, asset criticality, and other contextual factors? • What are the primary human and organizational challenges in vulnerability management, and how can issues like unclear governance, lack of accountability, and fear of system crashes be overcome? • How is AI impacting vulnerability management, and does the shift to cloud environments fundamentally change VM practices? Resources: • EP109 How Google Does Vulnerability Management: The Not So Secret Secrets! (https://cloud.withgoogle.com/cloudsec...) • EP246 From Scanners to AI: 25 Years of Vulnerability Management with Qualys CEO Sumedh Thakar (https://cloud.withgoogle.com/cloudsec...) • EP248 Cloud IR Tabletop Wins: How to Stop Playing Security Theater and Start Practicing (https://cloud.withgoogle.com/cloudsec...) • How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends (https://cloud.google.com/blog/topics/...) • Mandiant M Trends 2025 (https://services.google.com/fh/files/...) • EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators (https://cloud.withgoogle.com/cloudsec...) • Mandiant Vulnerability Management (https://cloud.google.com/security/res...)