Sales Director at a tech services company with 11-50 employees
User
Aug 21, 2021
Vulnerabiity Assement is a useful process but it's still a snap-shot of your security posture.
Risk-based Vulnerabiity Management is a dynamic, ongoing process as part of your cyber protection strategy, integrating with your installed systems, monitoring progress and taking your assets criticality into consideration.
Search for a product comparison in Vulnerability Management
Technology Advisor- CyberSecurity & Digital Transformation at Enterprise Visions
User
Jun 4, 2020
As soon as a vulnerability assessment is complete, it is obsolete. Your environment changes daily/weekly/monthly. Assessments are "a point in time". Vulnerability Management is continuous, and seems to me to be the better strategy.
A risk-based approach is more effective but we need to go beyond just risk-based vulnerability assessment. We need to take into account the impact on our business and brand reputation of data being compromised, we need to take into account whether we are getting better or worse at securing our data and we need to be clear that we need continuous monitoring to maintain our security posture. We also want to see our risk score in an easily understandable way
I think risk-based vulnerability managemente it´s the way to go since you only try to solve those vulnerabilities that represent a real risk intead of just using the CVSS score. For example when you use a risk-based approach you take into account the level of importance (based on business) of the system you are trying to protect.
Director at a tech services company with 1-10 employees
Reseller
Jun 4, 2020
YOU are right that earlier vulnerability assessment was very basic and done as reactive manner, after that proactive manner was introduce where it use to compare with best practice and industry threats. But now in this world of ZERO day attack we really need very Advance and RIsk base vulnerability assessment solution. And as per me this tool need to be base on AI and ML. It means Tool should contain power of Analytics & AI, Real Time Risk Monitoring, Report, Verify & Action.
Vulnerability Management involves identifying, assessing, and addressing security vulnerabilities within an organization's IT framework to protect against potential threats.This practice is essential for organizations to maintain their security posture, minimizing risks associated with security breaches. Solutions in this category provide tools that help detect vulnerabilities across networks, applications, and hardware. Effective management includes regular scanning, patching, and...
Vulnerabiity Assement is a useful process but it's still a snap-shot of your security posture.
Risk-based Vulnerabiity Management is a dynamic, ongoing process as part of your cyber protection strategy, integrating with your installed systems, monitoring progress and taking your assets criticality into consideration.
As soon as a vulnerability assessment is complete, it is obsolete. Your environment changes daily/weekly/monthly. Assessments are "a point in time". Vulnerability Management is continuous, and seems to me to be the better strategy.
A risk-based approach is more effective but we need to go beyond just risk-based vulnerability assessment. We need to take into account the impact on our business and brand reputation of data being compromised, we need to take into account whether we are getting better or worse at securing our data and we need to be clear that we need continuous monitoring to maintain our security posture. We also want to see our risk score in an easily understandable way
I think risk-based vulnerability managemente it´s the way to go since you only try to solve those vulnerabilities that represent a real risk intead of just using the CVSS score. For example when you use a risk-based approach you take into account the level of importance (based on business) of the system you are trying to protect.
YOU are right that earlier vulnerability assessment was very basic and done as reactive manner, after that proactive manner was introduce where it use to compare with best practice and industry threats. But now in this world of ZERO day attack we really need very Advance and RIsk base vulnerability assessment solution. And as per me this tool need to be base on AI and ML. It means Tool should contain power of Analytics & AI, Real Time Risk Monitoring, Report, Verify & Action.