The Cost Savings of Effective Vulnerability Management (Part 3)

May 21, 2020
Charles Coaxum
VP of Customer Experience

Share with Your Network

In our last blog of this series, we looked at how reducing friction between IT and security can boost efficiency for an organization—a critical benefit for any organization that finds themselves tightening their belts. In this final blog, we’d like to take a closer look at some of the other ways in which risk-based vulnerability management can save time and, subsequently, free up valuable resources and stretch your dollars a bit further. 

Let’s paint the picture with the help of some data. 

Vulnerability Investigation


First and foremost, the job at hand is about taming your vulnerabilities. The task of investigating vulnerabilities in a traditional approach is often manual and lacks the context necessary to understand what vulnerabilities pose a real risk to the organization. But when you can easily understand the vulnerabilities within your environment and quickly determine which pose a real risk and higher priority, you are bound to see a reduction in time spent. In a recent survey of Kenna Security customers, 74% of respondents reduced vulnerability investigation by over 25% since adopting a data science-driven, risk-based approach. Further, 55% of organizations reduced their time spent on vulnerability investigation by over 50%.



Vulnerability Remediation


The process of remediation is much simpler when you’re not trying to patch things randomly or take on too many patches at once. With risk-based vulnerability management, you’re moving away from spreadsheets, and IT and security alike understand precisely what needs patching, why it needs to be patched, and what impact those patches have on your organization’s overall risk posture. There’s no more arguing, no more guessing—just action. The proof is in the pudding on this one, too. In our customer survey, 68% of organizations reduced time spent on remediation by over 25% with a risk-based approach. Further, 44% of organizations reduced the time spent on remediation by over 50%. 


Reporting on Risk


We’re no stranger to tales of reporting woes, and if you’ve been in this space for any amount of time, you likely aren’t either. Every organization we’ve worked with has struggled to some degree with reporting effectively. Our executive leadership needs to understand our risk posture over time, but how do I demonstrably visualize this? How do I prove my team’s work is yielding results? Our customer survey showed that 78% of respondents have been able to reduce time spent on reporting by more than 25% since adopting a risk-based approach; 53% of respondents have reduced that time by more than 50%. 


From the investigation to remediation to reporting, saving time, and freeing resources to focus on other priorities is essential. And in the world’s “new normal” today, we know all too well that priorities are not in short supply, although resources surely are. 

I hope that I helped give a little insight into the time savings gained from a modern vulnerability management approach. I recommend you take a look at the earlier blogs in this series as well to find out more about the cost and resource savings. 

And if you’re interested in learning more about how a risk-based approach to vulnerability management can help you improve your risk posture while navigating limited resources, please set up a demo.

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.