
Regarding the Qualys Patch Management event that took place yesterday.
I liked:
Cool report by Eran Livne about Patch Management capabilities in Qualys.
Especially about creating linked patching tasks (first for a test scope, and a week later for a full scope) and about the ability to isolate hosts as a mitigation option (access remains only from the Qualys cloud). The part about new TruRisk Eliminate was also interesting.
Adam Gray beautifully justified the need for mandatory patching (since prevention doesn’t really work).
I didn’t like:
Most speakers focused on other information security topics rather than patch management. I think it would have been possible to select more thematic reports for this event.
I simply can’t accept theses like “you don’t need to patch all vulnerabilities”.
My position: you need to patch everything. And workarounds are good for a while UNTIL a patch is installed.

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to one more Telegram channel, @avleonovrus; I now write there first.