Vulnerability scanners mark older TLS (Transport Layer Security) versions as insecure. Some cybersecurity practitioners make decisions based solely on the scanner report and blindly urge system admins to “fix” the finding without looking at the big picture.

The vulnerability scanner has zero knowledge of the system landscape, the criticality of the system being evaluated and, most importantly, where the scanner is placed in the network.

Good practice is to assess the big picture, mark these findings as non-issues and forget about them if the system is just an internal one in an isolated environment. Resources should be deployed on more important things.
