The science and technology behind vulnerability management has changed a lot in a short time. Early vulnerability management vendors acted much like antivirus vendors: they tuned their scanners to flag as many potential problems as possible, and they even bragged about detecting more vulnerabilities in test beds than their competitors.
The trouble with that logic is that, unlike viruses and other malware, a vulnerability is only a potential problem. For it to be truly dangerous, it must be reachable by an attacker and relatively easy to exploit. A flaw on a purely internal resource is therefore a lower priority, as is one that depends on preconditions such as authenticated access to other network services; neither should be dismissed outright, since an attacker who has already gained a foothold can reach both, but they rarely belong at the top of the list. Knowing what is truly dangerous lets you plan what to fix now, what to defer, and what to accept.
It also helps to categorize vulnerabilities by the impact they would have if exploited: both the severity of the outcome (wiping out an entire database versus locking out a single user) and the value of the affected resources. Having your public-facing website defaced is embarrassing; having confidential data stolen can be critical.
The best vulnerability management programs add this context to scan results. Some even offer automated fixes, training or preventive guidance driven by artificial intelligence (AI). Understanding the compliance standards, legal mandates and best practices that apply to the organization running the scan also matters. With potentially thousands of vulnerabilities in any large enterprise network, context is the only way fixes can be reliably prioritized.
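To make that prioritization concrete, the following is an added example written for this page; it is not code from the article or from any product it reviews. It ranks scanner findings by combining the signals discussed above: how reachable and how easy to trigger a flaw is (read from its CVSS v3.1 vector), whether the host is actually exposed to attackers, whether a public exploit exists, and the value and impact of the affected asset. The weights, the thresholds, the `Finding` fields and the sample findings are all illustrative assumptions; the `ref` values are placeholders, not real vulnerability identifiers.

```python
"""Rank scanner findings by real-world risk rather than raw count.

Added example, not code from the original article or any vendor named on the
page. Weights and thresholds are assumptions chosen for illustration.
"""
from dataclasses import dataclass

# Exploitability factors (0..1) keyed by CVSS v3.1 metric values.
# Assumed weights: they follow the ordering CVSS uses, not its exact constants.
ATTACK_VECTOR = {"N": 1.0, "A": 0.6, "L": 0.3, "P": 0.1}
ATTACK_COMPLEXITY = {"L": 1.0, "H": 0.5}
PRIVILEGES_REQUIRED = {"N": 1.0, "L": 0.6, "H": 0.3}
USER_INTERACTION = {"N": 1.0, "R": 0.7}

# Assumed weights for the kind of damage a successful exploit causes.
IMPACT_WEIGHT = {"data_theft": 1.0, "outage": 0.7, "defacement": 0.4}


@dataclass
class Finding:
    host: str
    ref: str                 # placeholder finding reference (not a real CVE)
    cvss_vector: str         # e.g. "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    internet_facing: bool    # assumed to come from the asset inventory
    exploit_public: bool     # assumed to come from threat intel / exploit DBs
    asset_value: int         # 1 (lab box) .. 5 (crown jewels)
    impact: str              # one of IMPACT_WEIGHT


def parse_cvss_vector(vector: str) -> dict:
    """Turn 'CVSS:3.1/AV:N/AC:L/...' into {'AV': 'N', 'AC': 'L', ...}.

    Rejects anything that is not a v3.x vector or lacks the exploitability
    metrics, so a junk string in a scanner export fails loudly instead of
    silently scoring zero.
    """
    parts = vector.split("/")
    if not parts[0].startswith("CVSS:3."):
        raise ValueError(f"unsupported vector: {vector!r}")
    metrics = {}
    for part in parts[1:]:
        key, sep, value = part.partition(":")
        if not sep or not key or not value:
            raise ValueError(f"malformed metric {part!r} in {vector!r}")
        metrics[key] = value
    for required in ("AV", "AC", "PR", "UI"):
        if required not in metrics:
            raise ValueError(f"vector missing {required}: {vector!r}")
    return metrics


def exploitability(metrics: dict) -> float:
    """0..1 estimate of how easily an attacker can trigger the flaw."""
    return (ATTACK_VECTOR[metrics["AV"]]
            * ATTACK_COMPLEXITY[metrics["AC"]]
            * PRIVILEGES_REQUIRED[metrics["PR"]]
            * USER_INTERACTION[metrics["UI"]])


def risk_score(f: Finding) -> float:
    """0..100 score: exploitability x exposure x impact x asset value."""
    metrics = parse_cvss_vector(f.cvss_vector)
    ease = exploitability(metrics)
    # Network-reachable flaw on a host only reachable from inside: much lower
    # urgency, but not zero, since a foothold elsewhere can still reach it.
    if metrics["AV"] == "N" and not f.internet_facing:
        ease *= 0.25
    if f.exploit_public:
        ease = min(1.0, ease * 1.5)
    return 100 * ease * IMPACT_WEIGHT[f.impact] * (f.asset_value / 5)


def triage(findings, fix_now_at=50.0, accept_below=5.0) -> dict:
    """Bucket findings into fix now / schedule / accept, highest risk first."""
    buckets = {"fix_now": [], "schedule": [], "accept": []}
    for f in sorted(findings, key=risk_score, reverse=True):
        score = risk_score(f)
        if score >= fix_now_at:
            buckets["fix_now"].append((f.ref, score))
        elif score >= accept_below:
            buckets["schedule"].append((f.ref, score))
        else:
            buckets["accept"].append((f.ref, score))
    return buckets


# Constructed sample findings (hosts and refs are made up for this example).
SAMPLE_FINDINGS = [
    Finding("web01", "ex-1", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            internet_facing=True, exploit_public=True, asset_value=5, impact="data_theft"),
    Finding("db01", "ex-2", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            internet_facing=False, exploit_public=True, asset_value=5, impact="data_theft"),
    Finding("jump01", "ex-3", "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            internet_facing=True, exploit_public=False, asset_value=3, impact="outage"),
    Finding("kiosk07", "ex-4", "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
            internet_facing=False, exploit_public=False, asset_value=1, impact="defacement"),
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_FINDINGS).items():
        print(bucket, items)
```

The same vector scores 100 on the exposed web server and 37.5 on the internal database: identical scanner output, very different urgency once exposure and exploit availability are folded in. The privileged-access flaw on the jump host and the physical-access flaw on the kiosk fall into "schedule" and "accept" respectively, which is the kind of split a raw finding count never shows.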
The following five products push the envelope for at least one aspect of vulnerability management.
Kenna Security Vulnerability Management
The Kenna Security Vulnerability Management platform was one of