Vulnerability management, defined as the cyclical practice of identifying, classifying, remediating and mitigating vulnerabilities, has been a basic element of the security posture in many global organizations. As the technology evolves by use of cloud, social and internet of things in organizations, the vulnerability management function grows more complex and critical.
Attend this session to hear directly from Sameer Shelke, Cofounder and CTO of Aujas, a global information risk management company on:
- The threat landscape and how it forces vulnerability management programs to evolve;
- How analytics and intelligence can be added to your vulnerability management program;
- A case study of one large, multinational organization that has experienced this evolution and growth
Background
Adding “analytics” and “intelligence” aspects to the vulnerability management function help to ensure that it keeps up with the challenging threat and risk landscape. For example:
Analytics: The vulnerability management program produces a large volume of data related to vulnerabilities, assets, trends, mitigation measures, gaps, compensating controls, etc. Converting the raw data to information using organization context and then to insights based on the risk landscape can provide real value for risk management decisions and actions.
As an example, analytical information on the vulnerability root cause, its link to vulnerability trends and assets can help effective mitigation. Similarly, vulnerability remediation analytics can help identify weakness in the process for improvements.
Intelligence: Typically, the vulnerability management process starts with vulnerability identification, which depends on vulnerability scanning. That’s the start in the find-and-fix process. A critical miss in the process can be any weakness in the “find” step, either due to tool functionality or zero day vulnerabilities.
Adding vulnerability intelligence to the management process from authoritative sources and mapping them to the organization assets and their specific configurations would remove critical gaps in the find process.
Source | Bankinfosecurity