Often organizations are hacked because a machine wasn't patched. What we’re noticing at Bit Discovery is many times the org actually DID properly patch other systems, just NOT the one that was hacked. Turns out the exploited system would've been patched if they knew it existed.

Finding all of an organizations assets is very similar to finding all their vulnerabilities. This may be a slightly controversial statement, but having spent nearly 2 decades working in vulnerability management, asset inventory is proving to be more technically challenging.