Attend this session to hear directly from Sameer Shelke, Cofounder and CTO of Aujas, a global information risk management company on:
Adding “analytics” and “intelligence” aspects to the vulnerability management function help to ensure that it keeps up with the challenging threat and risk landscape. For example:
Analytics: The vulnerability management program produces a large volume of data related to vulnerabilities, assets, trends, mitigation measures, gaps, compensating controls, etc. Converting the raw data to information using organization context and then to insights based on the risk landscape can provide real value for risk management decisions and actions.
As an example, analytical information on the vulnerability root cause, its link to vulnerability trends and assets can help effective mitigation. Similarly, vulnerability remediation analytics can help identify weakness in the process for improvements.
Intelligence: Typically, the vulnerability management process starts with vulnerability identification, which depends on vulnerability scanning. That’s the start in the find-and-fix process. A critical miss in the process can be any weakness in the “find” step, either due to tool functionality or zero day vulnerabilities.
Adding vulnerability intelligence to the management process from authoritative sources and mapping them to the organization assets and their specific configurations would remove critical gaps in the find process.
Source | Bankinfosecurity
