What is Vulnerability Management?

Jun 23, 2020
Jason Rolleston
Chief Product Officer


Vulnerability management is the cybersecurity process of proactively identifying, tracking, prioritizing, and remediating security weaknesses and flaws in IT systems and software in order to prevent malware outbreaks, data theft, and other impacts of a cyber breach such as reputation or brand damage.

Why Is Vulnerability Management So Important?


At an enterprise IT level, vulnerability management is a complex practice with responsibility for thousands of laptops, servers, and internet-connected devices like printers and routers.

A vulnerability management program is core to preventative security hygiene and is a central component of any cybersecurity strategy.

How It Works


Organizations identify vulnerabilities using commercially available scanners that examine applications and software for known flaws in code, as well as misconfigurations that cause security weaknesses. Most of the vulnerabilities are categorized through the National Vulnerability Database (NVD), and given unique identifiers through the Common Vulnerabilities & Exposures (CVE) list. Some scanners may also identify vulnerabilities not found in the NVD. 

Figure: Distribution of the total number of assets affected by CVEs.

Vulnerability scans at large organizations can cumulatively identify thousands of security risks on each machine, and millions of vulnerabilities across the entire organization. There are typically more vulnerabilities than an organization has capacity to fix. Our research shows that, on average, companies can only remediate about one in 10 vulnerabilities on their systems. This capacity deficit puts enormous pressure on cybersecurity professionals to prioritize vulnerabilities according to which ones they perceive to pose the most danger to their organization.

When remediating vulnerabilities, IT teams may have multiple patches from which to choose. IT teams must use their best judgement to select patches that do not result in new misconfigurations or interoperability conflicts.

Its Success Depends on You


While vulnerability management is a central component of any cybersecurity strategy, organizations vary widely in their success. For example, many organizations rely on outdated models to prioritize vulnerabilities. Outdated models might prioritize vulnerabilities that, if exploited, could result in significant damage to the organization, even when, for technical reasons, there is little actual risk that a threat actor would target that specific vulnerability.

That’s why here at Kenna Security we recommend a risk-based approach to vulnerability management over other models. I will tell you more about risk-based vulnerability management in a future post.
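
The prioritization problem described above, as an added example (not code from Kenna or the original post): with capacity to fix about one in 10 findings, it compares ranking by potential impact alone against ranking by impact weighted by the likelihood of exploitation. The findings, the placeholder identifiers, the likelihood values, and the impact × likelihood score are all constructed assumptions, not Kenna's scoring model.

```python
from typing import NamedTuple

class Finding(NamedTuple):
    asset: str
    vuln_id: str       # placeholder ID, not a real CVE number
    impact: float      # 0-10: damage if exploited
    likelihood: float  # 0-1: assumed chance a threat actor exploits it

# Constructed scanner findings; every value is illustrative.
FINDINGS = [Finding(*row) for row in [
    ("db-01", "VULN-01", 9.8, 0.01), ("hr-app", "VULN-02", 9.6, 0.02),
    ("vpn-gw", "VULN-03", 7.5, 0.90), ("web-01", "VULN-04", 8.1, 0.70),
    ("printer-3", "VULN-05", 9.1, 0.01), ("laptop-17", "VULN-06", 6.5, 0.40),
    ("mail-01", "VULN-07", 5.0, 0.05), ("router-2", "VULN-08", 4.3, 0.10),
    ("build-01", "VULN-09", 8.8, 0.03), ("laptop-22", "VULN-10", 3.1, 0.02),
    ("file-01", "VULN-11", 9.4, 0.02), ("kiosk-4", "VULN-12", 7.2, 0.03),
    ("web-02", "VULN-13", 6.8, 0.60), ("laptop-31", "VULN-14", 5.5, 0.08),
    ("dns-01", "VULN-15", 8.3, 0.04), ("printer-7", "VULN-16", 2.9, 0.01),
    ("ci-runner", "VULN-17", 7.9, 0.05), ("laptop-08", "VULN-18", 4.8, 0.30),
    ("nas-01", "VULN-19", 6.1, 0.02), ("cam-12", "VULN-20", 3.7, 0.15),
]]

def impact_only(f: Finding) -> float:
    """Outdated model: rank by potential damage alone."""
    return f.impact

def risk_based(f: Finding) -> float:
    """Assumed risk score: damage weighted by likelihood of exploitation."""
    return f.impact * f.likelihood

def plan(findings, score, one_in=10):
    """Pick what gets fixed when only one in `one_in` findings can be remediated."""
    budget = max(1, len(findings) // one_in)
    return sorted(findings, key=score, reverse=True)[:budget]

def risk_removed(findings, fixed):
    """Share of total assumed risk eliminated by fixing `fixed`."""
    return sum(map(risk_based, fixed)) / sum(map(risk_based, findings))

if __name__ == "__main__":
    for name, score in (("impact-only", impact_only), ("risk-based", risk_based)):
        fixed = plan(FINDINGS, score)
        ids = ", ".join(f.vuln_id for f in fixed)
        print(f"{name:12} fixes {ids}: {risk_removed(FINDINGS, fixed):.1%} of risk removed")
```

On this constructed data, the same remediation budget removes about 1% of the assumed risk under impact-only ranking and about 51% under the risk-weighted ranking.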
