
6 top vulnerability management tools and how they help prioritize threats


Vulnerability management has changed considerably over the years, and so have the systems that enterprise security teams must inventory, assess and patch. Today there are on-premises systems, IoT devices, public and private clouds, and substantially more custom applications. Vulnerability management systems no longer focus only on networks and privately hosted applications; they must be able to assess all of these systems, identify the vulnerabilities in them, and help enterprise security teams make better remediation decisions.

For a vulnerability to be dangerous, it has to be exploitable. A vulnerability that cannot be exploited in practice, for instance because the vulnerable code path is unreachable or the host is not exposed to any attacker, is not much of a danger. Knowing which vulnerabilities are truly dangerous is essential so enterprises can plan what to fix immediately and what can be patched or mitigated later.

It is also important to categorize vulnerabilities by their potential impact should they be exploited. This includes the severity of the consequence, such as wiping out an entire database versus locking out a single user, and the value of the resources affected. Having a public-facing website defaced is embarrassing, but having confidential data stolen can be critical and lead to mandated breach disclosures and regulatory fines.
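The two paragraphs above describe a ranking rule: exploitability first, then the impact and value of what is exposed. The following is an added example of how such a rule can be expressed as a scoring function; it is not code from the article or from any of the products it names, and the weights, tier thresholds, field names and the four sample findings are constructed assumptions chosen only to make the comparison visible. It illustrates the point that a scanner's raw severity score alone is a poor sort key: a critical-rated flaw with no known exploit on an isolated low-value host sinks to the bottom, while a lower-rated flaw that is being exploited on an internet-facing host holding confidential data rises to the top.

```python
"""Rank scanner findings by exploitability and impact (illustrative, not a
vendor's algorithm). All weights, thresholds and sample data are assumptions."""

from dataclasses import dataclass

# Assumed weights. Exploitability dominates because an unexploitable flaw is
# low risk no matter how it is rated; exposure halves the score for hosts that
# an external attacker cannot reach; impact follows the CIA triad with
# confidentiality weighted highest (breach disclosure and fines).
IMPACT_WEIGHT = {"confidentiality": 1.0, "integrity": 0.8, "availability": 0.6}
INTERNAL_EXPOSURE = 0.5
MAX_ASSET_VALUE = 5  # asset_value runs 1 (lab box) .. 5 (regulated data)

# Assumed remediation tiers on the resulting 0-10 scale.
TIERS = ((5.0, "fix now"), (1.5, "next patch cycle"), (0.0, "mitigate or defer"))


@dataclass(frozen=True)
class Finding:
    finding_id: str
    host: str
    cvss_base: float         # scanner severity, 0.0-10.0
    exploit_available: bool  # public exploit code exists
    exploited_in_wild: bool  # known to be used by attackers
    internet_exposed: bool   # host reachable from the internet
    asset_value: int         # 1..MAX_ASSET_VALUE
    impact: str              # key of IMPACT_WEIGHT


def exploitability(f: Finding) -> float:
    """Highest-confidence evidence wins: in the wild > public exploit > none."""
    if f.exploited_in_wild:
        return 1.0
    if f.exploit_available:
        return 0.6
    return 0.2


def risk_score(f: Finding) -> float:
    """Combine severity, exploitability, exposure, impact type and asset value."""
    if not 0.0 <= f.cvss_base <= 10.0:
        raise ValueError(f"{f.finding_id}: CVSS base score out of range")
    if not 1 <= f.asset_value <= MAX_ASSET_VALUE:
        raise ValueError(f"{f.finding_id}: asset value out of range")
    if f.impact not in IMPACT_WEIGHT:
        raise ValueError(f"{f.finding_id}: unknown impact type {f.impact!r}")
    exposure = 1.0 if f.internet_exposed else INTERNAL_EXPOSURE
    score = (f.cvss_base * exploitability(f) * exposure
             * IMPACT_WEIGHT[f.impact] * f.asset_value / MAX_ASSET_VALUE)
    return round(score, 2)


def tier(score: float) -> str:
    for threshold, label in TIERS:
        if score >= threshold:
            return label
    return TIERS[-1][1]


def prioritize(findings):
    """Return (finding_id, score, tier) tuples, highest risk first."""
    ranked = [(f.finding_id, risk_score(f), tier(risk_score(f))) for f in findings]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


# Constructed sample findings; the IDs and hosts are placeholders.
SAMPLE_FINDINGS = [
    # Critical, exploited in the wild, internet-facing customer database.
    Finding("F-1", "db-edge-1", 9.8, True, True, True, 5, "confidentiality"),
    # Same severity rating, but no exploit, internal only, low-value test box.
    Finding("F-2", "lab-vm-7", 9.8, False, False, False, 2, "availability"),
    # Medium severity with a public exploit on the marketing web server (defacement).
    Finding("F-3", "www-1", 6.5, True, False, True, 3, "integrity"),
    # High severity, exploited in the wild, but on an internal HR file server.
    Finding("F-4", "hr-files", 7.5, True, True, False, 5, "confidentiality"),
]


if __name__ == "__main__":
    for finding_id, score, label in prioritize(SAMPLE_FINDINGS):
        print(f"{finding_id:5} {score:5.2f}  {label}")
```

The same structure holds if the exploitability input is replaced by a real feed (a known-exploited list or an exploit-probability score) and asset value by a CMDB lookup; the part worth keeping is that the sort key is a product of evidence about the attacker, the exposure and the victim, never the scanner's base score alone.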

The best vulnerability management programs add context to scan results. Some also offer automatic fixes, training, or preventive guidance driven by artificial intelligence, taking into account the compliance standards, legal mandates, and best practices that apply to the organization running the scan.

With potentially thousands of vulnerabilities hiding in any large enterprise network, that context is the only way fixes can be reliably prioritized and risk reduced. The following six products push the envelope in at least one aspect of vulnerability management.

Qualys VMDR

Qualys, launched in 1999, was the first SaaS vulnerability management platform. Back then, enterprise devices were connected to the corporate internal network, and vulnerability scanners assessed those internal networks and the few applications hosted on-site and facing the internet. Today it is not that simple: there are on-premises systems, more custom-built software, cloud systems, more open-source software, and virtualized systems.

Copyright © 2022 IDG Communications, Inc.


