Overview

After years spent in a comfortable routine, vulnerability management is now being forced to improve its performance. The current programs are increasingly ill-adapted to new modes of attack and an accelerating pace of business. Although organizations periodically run configuration audit and network scanning tools, considerable time and effort are spent on discussing the results, coordinating responses, and tracking closures. Consequently, the end mitigation is slow and partial. At any given time, there may be a large gap between the number of vulnerabilities reported and their actual closures of vulnerabilities. As a result, both protection and productivity suffers.

“Established vulnerability management is ill-adapted to new modes of attack and an accelerating pace of business. Forward-looking CISOs already know that their VM programs need to be repositioned.”

Forward-looking Chief Information Security Officers (CISOs) are changing their VM programs to shift the focus from running scans to reducing the impact of vulnerabilities on the organization. Paladion gathered insights from CISOs about the future of VM programs in their enterprises in different industry segments, identifying key trends likely to now apply to organizations everywhere.