dcsimg

Top Barriers to Effective Vulnerability Risk Management

  • Top Barriers to Effective Vulnerability Risk Management-

    Barrier #1 – A Reactive Mindset

    So why are traditional vulnerability risk management programs now failing? Too many organization focus on recovering from an attack rather than preventing a breach in the first place. Taking a reactive approach, IT and security teams focus most of their efforts repairing systems and mitigating damage after an attack has already occurred.

    However, while an alarming majority of applications do have security vulnerabilities, most issues are the result of setup errors rather than the application code itself. Organizations need to proactively identify and remediate vulnerabilities stemming from server misconfigurations, improper file settings, sample content, outdated software versions, and other items related to insecure deployment. Reactive initiatives are not enough – it is time to prioritize prevention.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12

Top Barriers to Effective Vulnerability Risk Management

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12
  • Top Barriers to Effective Vulnerability Risk Management-3

    Barrier #1 – A Reactive Mindset

    So why are traditional vulnerability risk management programs now failing? Too many organization focus on recovering from an attack rather than preventing a breach in the first place. Taking a reactive approach, IT and security teams focus most of their efforts repairing systems and mitigating damage after an attack has already occurred.

    However, while an alarming majority of applications do have security vulnerabilities, most issues are the result of setup errors rather than the application code itself. Organizations need to proactively identify and remediate vulnerabilities stemming from server misconfigurations, improper file settings, sample content, outdated software versions, and other items related to insecure deployment. Reactive initiatives are not enough – it is time to prioritize prevention.

When it comes to the effectiveness of traditional vulnerability risk management programs, the challenges are often rooted in the process itself. Simply put, there are many manual steps (and often missteps) – from vulnerability scanning and detection to verification, impact analysis, and remediation – all of which can consume up to 40 percent of the IT organization's resources.

Given the labor-intensive list of to dos, many IT organizations use vulnerability management tools merely as a means to help document system compliance with industry or government regulations. Vulnerability management has become a "one-and-done" task, contributing to a less than effective outcome, as new technologies – and threats – are constantly being introduced into the environment.

NopSec CTO Michelangelo Sidagni explores how the manual aspects of vulnerability risk management cause broader challenges that can overwhelm IT departments and cripple their remediation efforts.