A few weekes ago I wrote about the current state of vulnerability assessment being like a parody of an Obama/Hillary commerical.  Who answers the phone at 3am?  For vulnerability assessment, the results are only as good as who answers the scan.  This has been a problem for security managers and vulnerability assessors for some time.  Balancing scanning during prime time and impacting network performance versus scanning during down times when the devices you need to scan may not be available.

Today StillSecure announced our reponse to ending this problem. We call it Dynamic Vulnerability Assessment (DVA).  With DVA you will have vulnerability and compliance data as of at least the last time a device logged on the network.  This closes the loophole and gives organizations a much more comprehensive and secure assessment of who is on the network and what they look like.

To accomplish this we are using some of our NAC technology from Safe Access. This allows us to detect devices as they come on the network. We can also use the purpose built Safe Access testing engine to deep compliance checks to supplement the tradtional vulnerability checks.  We think this is a big step up in vulnerability assessment and management.  Am interested in what others think.