An enterprise invests a considerable amount of time in day-to-day scanning and patch management for its infrastructure. An analysis of enterprise psychology, however, shows otherwise: most enterprises shy away from scanning and patching their business-critical infrastructure for fear of interrupting their already established critical applications. The other side of the story is that enterprises test, scan and manage patches up to the staging level but fail to reassess them when they go live in the production environment. The major challenge is to convince stakeholders about the end-user impact of running thorough security scanning and patch management. Metasploit, a famous exploit development toolkit, adds several exploits to its repository on a monthly basis, hinting that threat vectors are increasing day by day. In this article we shall see how to balance security management with business operations.
Read the full article published at Infosec Institute.