How to Operationalize a Risk-based Approach to Vulnerability Management

March 12, 2018 Sam Osborn

When large enterprises like Equifax lose sensitive data because a known vulnerability was left unpatched, something clearly isn’t working. Cyber attackers continually evolve their tactics, and security organizations have to evolve right along with them.

At Kenna Security, we’re helping companies change the way they approach vulnerability management, and it all starts with a mindset. Instead of managing vulnerabilities, we talk about managing cyber risk. A risk-based approach to vulnerability management shifts the focus away from quantity to criticality. Instead of thinking, “I’ll close X vulnerabilities this month and hope our risk goes down,” the organization knows which three vulnerabilities to close to reduce risk by 20%. Big difference, right?

Adopting a risk-based approach to vulnerability management requires the ability to prioritize the vulnerabilities that pose the greatest risk to the organization. When you do this, amazing things start to happen:

  • You can start measuring real risk and understand how best to reduce it.
  • The executive team understands the company’s security posture and the resources required to enable continuous improvement.
  • Security and remediation teams become more productive, as they can close fewer vulnerabilities while producing a greater reduction in risk.

Of course, if prioritizing vulnerabilities were easy, organizations wouldn’t be slogging through spreadsheets—or losing data via unpatched vulnerabilities. So how do you make it happen? This is the question we set out to answer in our newest white paper, How to Implement a Risk-based Approach to Vulnerability Management. We explain the three steps necessary for operationalizing cyber risk management:

Step 1: Establish meaningful metrics

Step 2: Integrate risk into operational processes

Step 3: Embrace opportunities to automate processes and become predictive

We hope you’ll download the white paper to learn more about implementing cyber risk management in your organization, because the old way of approaching vulnerability management—counting closed vulnerabilities—doesn’t cut it. It’s time for a new approach, one that’s focused on risk.

The post How to Operationalize a Risk-based Approach to Vulnerability Management appeared first on Kenna Security.
