
Today Is The Day to Implement Risk-Based Vulnerability Management

Just the other week, Anton Chuvakin from Gartner published an article in response to a skeptic of vulnerability management (VM). They asked him, “…why bother focusing on your vulnerabilities at all? Is this all ‘compliance B.S.’ and not ‘real security’? Is being vulnerable even correlated with being compromised or breached?”

Well, we’re here to tell you that vulnerability management is important and does make a difference in the fight against cyber threats. But we’re not talking just any vulnerability management. It needs to be risk based.

We here at Kenna firmly believe that legacy approaches to vulnerability management—remediation based solely on CVSS scores, Patch Tuesday or news headlines—don’t suffice in today’s constantly expanding threat landscape. You don’t want to just close vulnerabilities. You want to maximize your time and effectiveness by closing the right ones.

For that reason, you need to shift focus from counting vulnerabilities to managing risk. Adopting a risk management approach means focusing on the issues that pose the greatest danger to the business. By doing so, security teams can ensure that they’re focusing their limited resources on the vulnerabilities that matter most.

As Anton’s article said, “The difference between ‘VM that works’ and ‘busybody fake VM’ is in the logic used for prioritization of what to remediate (such as patch) or mitigate (such as shield with a NIPS or a WAF).

So:

  • Vulnerability management done without significant thinking about remediation priority may in fact also be pointless (vs the labor spent).
  • However, ‘risk-based’ vulnerability management does deliver real security value – as long as you actually practice it!”

 

In fact, Gartner believes that “by 2022, approximately 30% of enterprises will adopt a risk-based approach to vulnerability management.”

Don’t wait to adopt risk-based vulnerability management. Be at the forefront by trying the Kenna Security Platform today. Kenna Security was selected as one of Gartner’s 2018 Cool Vendors in the “Cool Vendors in Security Operations and Vulnerability Management” report. You can download a complimentary copy of the Cool Vendor report here.

 

Gartner, “Cool Vendors in Security Operations and Vulnerability Management,” Kelly M. Kavanagh, Anton Chuvakin, Craig Lawson, Toby Bussa, Pete Shoard, 3 May 2018.

Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.