in the last video, we learn about eliminating network vulnerabilities. In this video, we're going to talk about consultants and some of the benefits of automating vulnerability management.
Forget the learning objectives. So we're gonna comfort consultants and automation.
It was like in our pre assessment
consultants never perform penetration testing. Is that true or false?
This is folks. There are many consulting companies that offer penetration. Testing service is
penetration testing and Bo's discovering vulnerabilities on a network and systems and then either exploiting them or just including the possibility of exploit in a penetration testing report.
If you're interested in a career as a penetration testing,
there is a career path here. Own cyber.
Now look, get consultants.
Organizations can use consultant just to feel skill gaps in a vulnerability. Imagine process.
These consultants can do things like penetration, testing or simple vulnerability scans. Oftentimes, remote
penetration testing helps an organization capture in depth vulnerability information
It can also help in organization be compliant, where regulations and standards
the downside of penetration testing include the coast, which normally start at $10,000. You can run into several 100 thousands of dollars,
and the information gathered during a penetration. Tests may only be valid for a short period of time, since new vulnerabilities arise. Dear
says penetration tests have a short shelf life
and a cost, and it costs a lot.
There has to be a solution that we can use more frequently.
so as we see here, we have daily scans, software security,
open source versus commercial.
So let's look a daily scams. First,
we can perform deli vulnerability scans
as you can imagine, though,
this could get very expensive
and we will use up. Vital resource is. Instead, we need to automate the scans to perform them daily
so we can reduce costs, improve accuracy
and reduce the likelihood of human error.
Now, let's look at software secure
even with implementing automation organizations.
Even with implementing automation,
organizations still need to manage software and security on their servers.
If organizations do not update software on a regular basis, it will cause unnecessary resource is to respond to the alerts being triggered by the Vulnerability Management solution
company's needs A Have it regular
maintenance schedule for hardware components as well,
so they need to reduce the likelihood of halt Where, Phil.
Now let's look at open sores versus commercial,
so we now some so now that we should order made out of on ability scanning.
But how? How do we do it?
We can use either an open source to or commercial
This would depend on our budget, are specific needs. And
which is currently with our organization, is currently using.
some of the most common vulnerability scanners for boat, open source and commercial solutions.
You would know what is that? Some of these are specific to Web vulnerabilities like burbs Week,
in the course supplemental Materials area. I've listed some Cyberia Lab's covered the use of some of these tools.
I also wanted to mention that I have provided a link to my free books in a supplemental resource area as well. So feel free to check them out
now It's for us. Open source twos
menos ploy, retina, CS Community
burp Suite Free Edition.
Oh, I'll zap. Which is that attack proxy
Now, as for us for the commercial tubes
strip while your I P 3 60
So let's look at the post assessment
Open Vices 92 that could be used for vulnerabilities. Game.
This is false. Open vice is probably the most popular
open source vulnerability scanner. That's news.
Now we've reached a summary.
In this video we talked about the use of consultants and automation and vulnerability management.
We also talked about
some other kind, open sores and commercial tools and use.
In the next video, we'll talk about priority arising, re mediation.