I'm researching a common challenge in security workflows. Consider this scenario: You have multiple tools, such as Qualys or Tenable for on-premises scanning, and Wiz, Orca, or Prisma for cloud environments. You might also be using agent-based solutions like Tanium. With this setup, security teams often face a deluge of vulnerability findings—thousands per week, many of which are duplicates because the same asset gets reported by different tools. This situation leads to hours spent in Excel or with scripts trying to deduplicate the data. I'm curious about your experiences: Is this how you handle things? If so, how many hours do you spend each week on this? Have you found any effective tools to help with the process? And if there was a solution that worked seamlessly with all your scanners, would you consider paying for it? I'm gathering insights for research purposes, not selling anything just yet, and I'd be happy to share my findings if you're interested.
1 Answer
Managing vulnerabilities can be exhausting! I use a combination of Nessus Professional, 365 Defender, and Jamf for different operating systems, which includes like 5000 Windows machines and 200 Macs. The workload is non-stop, especially with all the third-party updates and BIOS patches out there. I spend a fair amount of time cleaning up data in Excel, too. It's definitely draining!
That sounds brutal! How many hours do you think you spend just managing that data in Excel each week? If a tool could streamline that process—like pulling findings from multiple sources and presenting a clear action list—would you find that useful?