The Sans 20 tells us that to protect our companies, we should have a vulnerability management program. Some companies may think they're good enough with their current patching process. Some companies may take the SANS advice and implement a vulnerability management program for their on-prem devices. This is a good first step. What happens when you extend your infrastructure to "The Cloud"? When you add the complexity of cloud computing how does this change your Vulnerability Management program? Do you just point the scanner at the cloud provider and "let 'er rip"? Your provider may be less than pleased with this method. So what needs to change? Scan discovery, frequency, and methods all need to be part of the equation! To the cloud!

Back to GrrCON 2015 video list