

The Year Ahead for Vulnerability Management

This is the time of year when companies gaze into their crystal ball and try to discern what lies ahead. And nobody is better at predictions than an industry analyst. Javvad Malik is a Senior Analyst for the Enterprise Security Practice at 451 Research. He recently posted a tongue-in-cheek video “2014 Information Security Predictions” on his blog, which warned of the imminent ‘Advanced Advance Persistent Threats’. Mr. Malik was kind enough to respond in a more serious manner to my questions regarding the coming year for vulnerability management.

Complexity and rate of change are the real risks

Based on the reports of new cyber-security breaches in the news, it would appear that attackers are becoming increasingly sophisticated in their tactics. It is clear that the number of attack surfaces is expanding. What area of IT security represents the most significant real risk to companies?

Javvad Malik: “There are many risks which vary depending from company to company. But largely I’d say complexity and rate of change can pose a risk, particularly for larger enterprises which struggle to maintain a grasp on what IT assets they have and what the crown jewels are.”

Taking business-relevant risk in a positive direction

Vulnerability management providers have been innovating to help businesses keep up with, and hopefully ahead of, the cyber-attackers. What are the industry trends for vulnerability management that give you the most optimism?

Javvad Malik: “Optimism is a strong word. I am encouraged that many vendors are contextualizing vulnerabilities so that they can be translated into either business-relevant risk; or so that the information can be used in conjunction with other systems.”


Do this: Prioritize and patch

One of the paradoxes many companies face is that they do not lack vulnerability data; instead, they suffer from data overload. It is common for an IT security professional to have limited time and resources while the complexity of their environment continues to grow. If they could focus on only one thing regarding vulnerability management this year, what would you suggest?


If you are interested in more industry insights, please visit To learn about NopSec’s unique approach to vulnerability management and how we can help your business to address the suggestions discussed in this article, please download the Best Practices Guide: Vulnerability Management.
