Choose how you attend: SANS Network Security 2020 offers 35+ courses in Las Vegas OR Live Online!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

What Works Increasing Vulnerability Management Effectiveness While Reducing Cost

  • Wednesday, February 18, 2015 at 1:00 PM EST (2015-02-18 18:00:00 UTC)
  • John Pescatore


  • Tenable

You can now attend the webcast using your mobile device!



Incident investigation reports, such as the Verizon Data Breach Investigation report, continually show that over 75% of successful threats exploit known vulnerabilities. An equally high percentage of enterprises report they have deployed vulnerability assessment and management processes and technologies yet attackers continue to find and exploit vulnerabilities before enterprises find them and mitigate or shield the vulnerability from attack. Something is wrong here.

A common problem has been that enterprise vulnerability assessment processes have been delivering huge floods of vulnerability data with very little useful, prioritized guidance. Threats and business demands change constantly and the actual risk of a missing patch or misconfigured system depends on both the presence of active threats and the business-relevance of a particular asset or system. In order to provide business value, vulnerability assessment processes and tools need to be upgraded to provide that guidance - while still meeting budget and staffing constraints.

This SANS What Works Webinar will detail the process the Senior Security Architect at a Healthcare services firm followed in increasing the effectiveness of their vulnerability management processes using Tenable SecurityCenter Continuous View, while actually reducing cost at the same time. SANS Director John Pescatore will interview the Senior Architect to detail his experience selecting and deploying the Tenable platform and go through lessons learned and future plans. Come hear What Works in increasing both the effectiveness and efficiency of vulnerability assessment reporting and management.

The user interviewed for this case study has requested anonymity to maintain confidentiality. The SANS What Works program can help our security community at large make more informed decisions by encouraging seasoned professionals to share their stories without revealing the name of the organization.

Speaker Bio

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013. He has 35 years experience in computer, network and information security. Prior to joining the SANS Institute, Mr. Pescatore was Gartnerís lead security analyst for 13 years, working with global 5000 corporations and major technology and service providers. Before joining Gartner, Mr. Pescatore was Senior Consultant for Entrust Technologies and Trusted Information Systems, where he started, grew and managed security consulting groups focusing on firewalls, network security, encryption and Public Key Infrastructures. Prior to that, Mr. Pescatore spent 11 years with GTE developing secure computing and telecommunications systems. Mr. Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a Bachelor's degree in Electrical Engineering from the University of Connecticut and is a NSA Certified Cryptologic Engineer. He is also an Extra class amateur radio operator, callsign K3TN.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.