Time
1 hour 23 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:01
in the last video, we learn about eliminating network vulnerabilities. In this video, we're going to talk about consultants and some of the benefits of automating vulnerability management.
00:13
Forget the learning objectives. So we're gonna comfort consultants and automation.
00:19
It was like in our pre assessment
00:21
consultants never perform penetration testing. Is that true or false?
00:29
This is folks. There are many consulting companies that offer penetration. Testing service is
00:34
penetration testing and Bo's discovering vulnerabilities on a network and systems and then either exploiting them or just including the possibility of exploit in a penetration testing report.
00:47
If you're interested in a career as a penetration testing,
00:50
there is a career path here. Own cyber.
00:56
Now look, get consultants.
00:58
Organizations can use consultant just to feel skill gaps in a vulnerability. Imagine process.
01:03
These consultants can do things like penetration, testing or simple vulnerability scans. Oftentimes, remote
01:11
penetration testing helps an organization capture in depth vulnerability information
01:17
at a specific time.
01:19
It can also help in organization be compliant, where regulations and standards
01:25
the downside of penetration testing include the coast, which normally start at $10,000. You can run into several 100 thousands of dollars,
01:34
and the information gathered during a penetration. Tests may only be valid for a short period of time, since new vulnerabilities arise. Dear
01:45
look at automation
01:48
says penetration tests have a short shelf life
01:51
and a cost, and it costs a lot.
01:53
There has to be a solution that we can use more frequently.
01:59
There is
02:00
so as we see here, we have daily scans, software security,
02:05
open source versus commercial.
02:08
So let's look a daily scams. First,
02:12
we can perform deli vulnerability scans
02:15
as you can imagine, though,
02:16
this could get very expensive
02:20
and we will use up. Vital resource is. Instead, we need to automate the scans to perform them daily
02:25
so we can reduce costs, improve accuracy
02:30
and reduce the likelihood of human error.
02:34
Now, let's look at software secure
02:37
even with implementing automation organizations.
02:42
Even with implementing automation,
02:44
organizations still need to manage software and security on their servers.
02:50
If organizations do not update software on a regular basis, it will cause unnecessary resource is to respond to the alerts being triggered by the Vulnerability Management solution
03:01
company's needs A Have it regular
03:04
maintenance schedule for hardware components as well,
03:07
so they need to reduce the likelihood of halt Where, Phil.
03:15
Now let's look at open sores versus commercial,
03:19
so we now some so now that we should order made out of on ability scanning.
03:25
But how? How do we do it?
03:30
We can use either an open source to or commercial
03:35
vert.
03:38
This would depend on our budget, are specific needs. And
03:43
our organization,
03:45
which is currently with our organization, is currently using.
03:49
I have listed out
03:51
some of the most common vulnerability scanners for boat, open source and commercial solutions.
03:57
You would know what is that? Some of these are specific to Web vulnerabilities like burbs Week,
04:01
Nick Zito and Zap
04:04
in the course supplemental Materials area. I've listed some Cyberia Lab's covered the use of some of these tools.
04:14
I also wanted to mention that I have provided a link to my free books in a supplemental resource area as well. So feel free to check them out
04:25
now It's for us. Open source twos
04:27
have open vase
04:29
menos ploy, retina, CS Community
04:31
burp Suite Free Edition.
04:33
Nick Tow.
04:35
Oh, I'll zap. Which is that attack proxy
04:39
clear.
04:41
More latch
04:42
and powerful.
04:44
Now, as for us for the commercial tubes
04:46
strip while your I P 3 60
04:48
Tenable nexus
04:49
Comodo hacker proof
04:51
Wallace
04:54
and Elian Boat USL.
04:56
Also solar winds.
05:00
So let's look at the post assessment
05:03
Open Vices 92 that could be used for vulnerabilities. Game.
05:09
Is this true?
05:10
Or foes?
05:14
This is false. Open vice is probably the most popular
05:18
open source vulnerability scanner. That's news.
05:23
Now we've reached a summary.
05:26
In this video we talked about the use of consultants and automation and vulnerability management.
05:31
We also talked about
05:33
some other kind, open sores and commercial tools and use.
05:38
In the next video, we'll talk about priority arising, re mediation.

Up Next

Fundamentals of Vulnerability Management

Most of the successful attacks through a business network could be prevented with vulnerability management. This course focuses on what you can do to automatically manage vulnerabilities and keep your network safe from attack.

Instructed By

Instructor Profile Image
Corey Charles
Founder of DreamVision IT LLC
Instructor