Required Reading for Vulnerability Management Market Insights
- May 31, 2013
- Guest Author
Do you ever wish there was a single document that would answer all your burning questions? If you’ve ever moved into a new role or industry, you know exactly what I’m talking about. For vulnerability management, that report was published by Frost & Sullivan, titled “How Market Trends and Changing Threats will Shape the Future of the Market.”
Chris Rodriguez, Security Analyst, created this presentation at the end of 2010 and many of his predictions were spot on. The only real criticism I have of the publication is that NopSec is not mentioned… but since NopSec did not enter the vulnerability management market until the launch of Unified VRM in November 2011, I don’t have a valid grievance.
NopSec defines vulnerability management as the ongoing practice of detecting, classifying, prioritizing, and remediating security vulnerabilities in IT infrastructure and applications. Vulnerability management requires an automated process to efficiently address exploitable security holes as well as a documented security policy that is adhered to in order to drive compliance. The report linked above provides Frost & Sullivan’s market segmentation, which includes vulnerability assessment, patch management, application security, and vulnerability intelligence. For the uninitiated, it might be surprising to learn about all the subcategories that define IT security. Vulnerability management is a top-level category.
The market drivers have evolved over the past few years. “Unmanageable number of vulnerabilities and patches” and “increasing attack vectors” are commonly cited by NopSec customers. Regulatory compliance requirements have also been an important trend as government regulators and external auditors become more attuned to the importance of IT security. Of course, the sheer number of cyber-attacks that are reported in the headlines is increasing awareness of security issues. These, and other drivers, help NopSec engineers focus our R&D efforts.
On the flip side, there are restraints that continue to hinder the IT security space. One of the issues that we see with some of our customers is that compliance is the sole objective, which results in companies doing the bare minimum. This also occurs when security is viewed as a cost item to be minimized. Another interesting inhibitor to successful vulnerability management is the common practice of separating IT operations, development, and the security teams within an organization. This action, by nature, adds a level of internal complexity into the remediation process… something we address with collaboration features within Unified VRM.
NopSec incorporates penetration testing into every engagement we have with customers. Vulnerability scanners are used to uncover vulnerabilities in networks and systems in a more automated fashion. Penetration testing is a key part of vulnerability management because it addresses specific vulnerabilities that may not be obvious from a purely scanning perspective. By simulating a real-world attack, potential vulnerabilities identified by scanners can be exploited and confirmed.
Learn more about NopSec’s proactive approach to vulnerability management and the methodology we use to secure applications and infrastructure from security breaches. Download our Best Practices Guide: Vulnerability Management for more information.