What’s The Future Of Vulnerability Management? Five Predictions For What Lies Ahead

By Lisa Xu, CEO of NopSec. Forbes Councils Member, Forbes Technology Council. Council Post: expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. Sep 19, 2022, 07:30am EDT

The future of vulnerability management is full of promise and possibilities. Sure, there have been challenges in the past—plenty of them. Still, necessity being the mother of invention has created an opportunity for organizations to break free from the limiting conditions of the past.

I have advised Fortune 500 enterprises on data security, privacy and technology risk management, and I am optimistic about the future of vulnerability management. In this article, I’ll look at the path the industry has taken to get where it is today and examine the current challenges. I’ll share five of my predictions about vulnerability management and offer our hopeful view of what success in the future will look like.

Where The Industry Is Today

In 2000, there were only about 1000 disclosed vulnerabilities, according to CVE Details. Security teams could remediate each one without much thought about how an individual exposure affected the organization’s risk profile. In 2021, there were 20 times that many vulnerabilities disclosed.

CVSS scores help organizations understand their cyber risk by providing a quantifiable measure of the potential effects of an exploit. However, they lack any context for specific organizations and do not contribute meaningfully to understanding an organization’s specific cyber risks.

The next step in the evolution of vulnerability management was to add a layer of threat intelligence to CVSS scores. This approach provides security practitioners with another data point to prioritize vulnerabilities, but there’s still no meaningful way to view their prioritization efforts in terms of business risk. CVSS provides insight into the threat an exploit poses to their infrastructure and systems. The threat intelligence layer adds an understanding of the probability of a threat actor exploiting a vulnerability but does not account for criticality in terms of the value of their specific assets.

All three—threat, probability and criticality—are needed to get a clear picture of the risks associated with a vulnerability. If you don’t know which things are truly important, you must assume all things are equally important. The blindness created by working in a security or developer role without a view of risk invariably creates three limiting conditions: chaos, silos and reactionary confusion.

The future of vulnerability management will likely be chaotic if teams continue relying on manual methods to triage signals and share information. Automation and machine learning can help teams filter through the data and prevent overload. By automating the process, teams can focus on addressing the most critical vulnerabilities and improving security.

When teams don’t work together effectively, silos form. This lack of communication can be caused by organizational structures that limit the ability of DevOps and security teams to collaborate or by teams retreating into their respective silos because of the tension caused by whack-a-mole-like threat remediation strategies. By working together, DevOps and security teams can share information and ideas more effectively, which will help reduce the number of silos.

Without a plan that establishes what to fix first and why, reactionary confusion can rule the day when responding to celebrity vulnerabilities. CVSS scores and news headlines come without context, which can lead to a firefighting approach that is not strategic.

Five Predictions About The Future Of Vulnerability Management

Prediction 1: Conventional network scanners will become obsolete. Remediation will be risk-based, so teams will scan less and patch less.

Prediction 2: Vulnerability management will no longer be a stand-alone category but will evolve into a broader configuration management category.

Prediction 3: Automated insight will primarily be about context-rich, customer-unique information, including environmental contexts, assets, users and controls.

Prediction 4: Application and infrastructure vulnerability management will converge into one process.

Prediction 5: Full automation—discovery, prioritization and remediation—will happen everywhere.

What Success Will Look Like In 2022 And Beyond

The key to successful vulnerability management in the future will be organizations that can change how work is done in the field.

Analysts will no longer have to do tedious data triage, normalization and correlation by hand—it will all be done by machines. This will allow them to focus on making risk-based decisions, which analytics driven by machines will support. Machine-based data processing will become mainstream in successful organizations.

This will include contextualized prioritization and analytics, which will help to break down silos and manage risk. The importance of vulnerability management in enterprise cyber risk management cannot be overstated. The intelligence gathered from vulnerability management can help with incident response, threat hunting and other aspects of the cyber program.

Conclusion

Regardless of the challenges created by a failure to keep up with business needs historically, the future of vulnerability management is bright. To realize the benefits promised by this bright future, organizations must act now. The right partner will help you avoid the chaos, siloed work relationships and reactionary confusion so common in the industry today, as well as prioritize vulnerabilities based on the actual risk to your organization.

From: forbes
URL: https://www.forbes.com/sites/forbestechcouncil/2022/09/19/whats-the-future-of-vulnerability-management-five-predictions-for-what-lies-ahead/
