HASecuritySolutions / VulnWhisperer

Create actionable data from your Vulnerability Scans
https://twitter.com/VulnWhisperer
Apache License 2.0

Feature request #236

Open DaSein9 opened 2 years ago

DaSein9 commented 2 years ago

Can we get remediation reporting that talks about patches, configurations and/or software currency instead of vulnerabilities?

Fact is, nobody outside of security cares about vulnerabilities. In fact, vulnerabilities are just the symptom of a faulty underlying service. VM is oversight on patch management, configuration management, and software currency. It would be fantastic to get remediation reports that tell them what patch, etc. the remediation team needs to do to fix it. The remediation recommendation behind the scenes provides priority based on vulnerability, but the remediation team doesn't need to know that. In fact, installing a patch is often a many-to-one solution, where the patch will fix many vulnerabilities of varying severities. But as long as the urgent one is addressed, the others are a matter of convenience. To be effective, security needs to speak the common language of IT, since they are the most common recipients of our outputs. Can we stop navel-gazing and engage?