When looking for a vulnerability management solution, organizations understandably have quite a few choices, and many of those choices have been available for some time. However, vulnerability management is changing. While much of the evolution in vulnerability management has been incremental, there are some differences that really separate leading-edge solutions from the pack.
Picking the right solution is important because there are new and evolving vulnerabilities to protect against and new technology areas to manage. As a result, aligning with a vendor that understands the latest technology is crucial. While not all new CVEs (Common Vulnerabilities and Exposures) are related to emerging technologies, the majority are, and a vulnerability management solution that lags in updates can leave your enterprise unnecessarily exposed.
However, embracing a solution that focuses only on the hottest emerging field, like public cloud or mobility, is dangerous. Finding a solution that offers balance is crucial considering one of the stats that surfaced in the recent Verizon Data Breach Investigations Report (DBIR). Specifically, 99.9 percent of the exploited vulnerabilities were compromised more than a year after the CVE publication.
When solutions are too focused on emerging technologies, they often fail to shine a bright light on the older CVEs. Yet the tally of really old CVEs in the DBIR suggests that a vulnerability management program should include broad coverage. Just because a CVE gets old doesn’t mean hackers abandon its use.
Differences also exist in how effectively competing solutions handle vulnerabilities in different environments. Consider, for example, the growing popularity of mobile and remote workers. How solutions handle vulnerability scanning of these assets, which are often outside enterprise control, can make a significant difference. The best solutions leverage a variety of technologies, including agents, and integrate with complementary technologies like patch management and mobile device management to increase scan flexibility and visibility.
When talking to providers, ask how they handle these old and new vulnerability management challenges. For more ideas on questions for providers, watch this on-demand webcast on “What to look for in a Cloud Vulnerability Management Solution.”