Vulnerability Management Overview

The growth of cyber-crime and the risks associated with it are forcing most organizations to focus more attention on information security. A vulnerability management process is an integral component of an organization’s effort to control information security risks. This process allows an organization to obtain a continuous overview of the vulnerabilities in its IT environment and the risks associated with them. By identifying and mitigating vulnerabilities, an organization reduces the opportunities attackers have for penetrating its networks and stealing information.

Vulnerability management is the process in which vulnerabilities are identified and the risks of these vulnerabilities are evaluated. This evaluation leads either to correcting the vulnerabilities and removing the risk, or to a formal risk acceptance by the management of the organization (e.g. in case the impact of an attack would be low or the cost of correction does not outweigh possible damages to the organization).

The term vulnerability management is often confused with vulnerability scanning. Although the two are related, there is an important difference between them. Vulnerability scanning consists of using a computer program to identify vulnerabilities in networks, computer infrastructure, or applications. Vulnerability management is the process surrounding vulnerability scanning; it also takes into account other aspects such as risk acceptance, remediation, etc.

Reduce vulnerability window of exposure

Mature vulnerability management programs include consistent and ongoing assessment of critical assets. As a result, vulnerabilities are identified much faster and may be corrected in a more timely manner.

Detect more than just vulnerabilities

By checking networks in a systematic fashion, vulnerability management also allows detection of rogue devices, or systems that have not been properly hardened before being placed on the network. These instances and others like them may reveal big-picture weaknesses in the security program that extend beyond specific vulnerability management concerns.

Vendor agnostic, solution focused

Our primary goal in developing effective security programs is results: the reduction of risk. To support that goal, we leverage, to the best of our ability, the tools and technologies already in place in our customers' environments when designing and implementing security capabilities that have the best possible chance of complete adoption and successful implementation.