This year for my New Year’s resolution I am going to start sharing best practices for what I have learned over my 25+ years working with MSPs.  Going back to the basics is always a great place to start.  So out of all of the cybersecurity technologies I will start with vulnerability scanning.  This may seem counterintuitive, but please read on to find out why.

Vulnerability scanning has been around for a long time.  Typically it has been done once a year to meet a compliance requirement which is normally how the customer came to own the technology.  The goal is to catalog all of the software on the devices to check the patch levels.  This is fairly easy to do and painless.  The next step is not.

Most of the vulnerability management tools were designed to generate as many vulnerabilities as possible in an effort to show they are doing A LOT.  If you are an MSP you are probably already intimately familiar with this.  Now that you have a list of 1,000 vulnerabilities you have to figure out how many are critical and need to be addressed right away?  

If you are doing the patching you need to figure out how many you can address and still have your team complete their daily tasks.  This is normally where the rub comes in. How can we more efficiently and effectively do this better?

Finally there are vendors that have developed advanced strategies to help you prioritize the list of vulnerabilities.  It starts with comparing threat intelligence against the devices and their settings.  If the device is set up in a way where the vulnerability can't run it is very easy to cross that one off of your list and reduce your workload. This year I expect to see AI leveraged to make this even more effective.

Here is something new to think about.  How do we get the vulnerability scan from our devices into our SIEM so we can use it?  The benefit is immediate.  If an analyst is researching a case and has that device level information at their fingertips it can help them make a more informed decision on how to remediate the issue.  Talk to your SIEM/SOC provider to see if they have an import feature.

Hardening your customers endpoints using vulnerability scanning also needs to be done more than once a year.  If you do this monthly you will see a noticeable reduction in the tickets and issues at your help desk.  This ounce of prevention will pay off big time in growing the profitability of your business.

Happy 2026 until next time!

Brian Stoner
SVP, Growth
Judy Security