Get rid of network CREAPs

Last week, I was helping an enterprise-level security team identify seriously at-risk systems.  My scope included Windows and UNIX hosts, regardless of what applications these systems were hosting.  As a Qualys customer, they already scan close to 800 servers on a weekly basis, so I had fresh vulnerability information that I could analyze.  The team’s current approach to prioritizing patch …