Improving Vulnerability Management with Penetration Testing

Overview

Vulnerability management consists of a combination of technologies and processes that can be used to improve an organization's security posture and to support regulatory compliance initiatives. Security managers commonly use vulnerability assessments to determine the security state of their IT systems. However, changing processes and technologies present a challenge to vulnerability assessment tools, as they can go only so far in detecting potential attack paths. In addition, changes in technology and business processes are reducing vulnerability assessment effectiveness even further.

According to Gartner*, deeper penetration testing is now needed to augment existing vulnerability management processes, especially in light of the rising level of targeted attacks.

During this on-demand Webcast, you'll hear from:

• John Pescatore, from featured analyst firm Gartner, who discusses the overall state of security, including recent attack trends
• Alan Paller of the SANS Institute, who provides insights on how penetration testing can be used to mitigate the impact of these trends

Alan Paller also interviews A. Eben Berry, Director of Network and Security Infrastructure from BlueCross BlueShield of Massachusetts, about why repeatable testing of security defenses is a high priority for his organization.

*Penetration Testing Augments Vulnerability Management to Deal with Changing Threats; John Pescatore, Amrit Williams, Mark Nicolette, Paul Proctor and Kelly Cavanaugh; January, 2006.