Mobile and remote devices pose an interesting challenge for your vulnerability management program. The foundation of most vulnerability management programs is doing active vulnerability assessments. But devices that aren\u2019t connected to the local network while a vulnerability assessment is taking place are not included.\nThe mobile and remote devices need to be included in the vulnerability management program because, after all, these devices are not immune to the types of vulnerabilities, configuration errors and malware that plague other IT assets.\nWith the proliferation of devices, vulnerabilities in mobile and remote devices can become a really big deal, really fast. A recently discovered vulnerability in Stagefright, a piece of code in Android, can be exploited by hackers to send malware to any user via text message. If the reports are correct, your device can be infected even if you don\u2019t open the message. Almost a billion phones are at risk.\nFortunately technology is available so these mobile and remote devices can be included in your vulnerability management program. We\u2019ll explore a couple of options in this article.\nMobile Devices \nA big challenge with mobile devices is that they\u2019re mobile. They hop from 3G to 4G to wireless networks seamlessly and are turned off and on at random times.\nA good technology to implement for mobile devices is mobile device management (MDM). With MDM, you set policies for devices to follow; for example: enabling remote wipe, turning on encryption, or setting complex passcodes. Security teams often struggle to verify that IT is enforcing the mobile policies and it can be overwhelming to manually dig through MDM system logs. By integrating MDM auditing with your vulnerability management solution you can automatically audit those MDM results and flag devices that do not adhere to policy.\nRemote Devices \nWhile they\u2019re similar to mobile devices, Windows and Mac laptops that remote workers use introduce different vulnerability management challenges. For example, not that long ago, most laptop access was through a secure VPN to get to company resources. Today, with more things being accessed through the cloud, typical remote employees probably don\u2019t use the VPN at all, and can still get all of their work done.\nTo include these portable devices in your vulnerability management program, you can run a program directly on the devices that collect vulnerability data and report back to a central vulnerability manager. In many vulnerability solutions, these programs are called agents. Any agent must be lightweight, secure, and easy to install and update. Agents matching those criteria can collect vulnerability, configuration and malware data on remote devices, and can report results back to a central manager, making them a useful strategy for including remote devices in your vulnerability management program.\nBut while technology can capture a massive amount of vulnerability data, if stays in a silo, it\u2019s just a bunch of data. And it\u2019s easy for data to stay in silos because the technology that obtains it is often owned by different groups \u2013 like IT and security. By working together to integrate data into the overall vulnerability management program, you\u2019ll get a big picture view that helps you make better decisions on what to spend, policies to put in place, and how to prioritize resources.\nFor more ideas on improving your vulnerability management program, download Tenable\u2019s free eBook: 10 Steps for Achieving Effective Vulnerability Management.