The Year Ahead for Vulnerability Management

This is the time of year when companies gaze into their crystal ball and try to discern what lies ahead. And nobody is better at predictions than an industry analyst. Javvad Malik is a Senior Analyst for the Enterprise Security Practice at 451 Research. He recently posted a tongue-in-cheek video “2014 Information Security Predictions” on his blog, which warned of the imminent ‘Advanced Advance Persistent Threats’. Mr. Malik was kind enough to respond in a more serious manner to my questions regarding the coming year for vulnerability management.

Complexity and rate of change are the real risks

Based on the reports of new cyber-security breaches in the news, it would appear that attackers are becoming increasingly sophisticated in their tactics. It is clear that the number of attack surfaces is expanding. What area of IT security represents the most significant real risk to companies?

Javvad Malik:“There are many risks which vary depending from company to company. But largely I’d say complexity and rate of change can pose a risk, particularly for larger enterprises which struggle to maintain a grasp on what IT assets they have and what the crown jewels are.”

Taking business-relevant risk in a positive direction

Vulnerability management providers have been innovating to help businesses to keep up with, and hopefully ahead, of the cyber-attackers. What are the industry trends for vulnerability management that give you the most optimism?

Javvad Malik: “Optimism is a strong word. I am encouraged that many vendors are contextualizing vulnerabilities so that they can be translated into either business-relevant risk; or so that the information can be used in conjunction with other systems.”

 

Do this: Prioritize and patch

One of the paradoxes that many companies face is not a lack of vulnerability data information; instead they suffer from data overload. It is common for an IT Security Professional to have limited time and resources while the complexity of their environments continue to grow. If they could focus on only one thing regarding vulnerability management this year, what would you suggest?

 

If you are interested in more industry insights, please visit 451research.com. To learn about NopSec’s unique approach to vulnerability management and how we can help your business to address the suggestions discussed in this article, please download the Best Practices Guide: Vulnerability Management.