In Part 1 of this series we discussed what vulnerability lifecycle management is, and why automating this process is crucial for long-term success. In an effort to help educate organizations on security and vulnerability automation, as well as guide them in their decision-making processes, Swimlane Founder Cody Cornell answered three burning questions on the topic.
“What challenges do organizations face when it comes to vulnerability management, and how can automation help resolve them?” was answered in Part 1. So, without further ado, let’s see what he had to say regarding our two remaining questions…
Q: How can organizations strategically leverage the vulnerability data at their disposal?
A: In continually monitoring and managing potential security risks and environment changes, organizations receive large amounts of vulnerability data, both from internal activities such as vulnerability scanning and from external sources such as Common Vulnerabilities and Exposures (CVE) and other vulnerability notification services. Both streams of data are extremely useful to an organization’s analysts, as the current security posture of a given host is an important factor in determining the validity and likelihood of a successful attack.
Authorized personnel can strategically leverage the vulnerability data collected from their automated platform by observing and analyzing it in context with the attack. This will help them better understand the severity of the attack and effectively implement proper next steps for remediation. In other words, vulnerability data provides massive context in order for network analysts and other related personnel to dig deeper into the breadth of their network attacks, alarms, etc.
Q: Do the majority of vulnerability lifecycle management tools available today include necessary levels of automation?
A: There are plenty of great solutions providers out there that have tried to provide a full lifecycle of scanning, reporting and other various elements of the vulnerability management process. However, it’s important to keep in mind that, like any other processes within a Security Operations Center, no two organizations will approach vulnerability management in the same way.
In other words, one company’s method of scanning and reporting on vulnerabilities is not reflective of the average corporate enterprise environment. Every organization has nuances that, unlike its peers, it may have to report on. For example, perhaps an organization groups its business units in a specific way and needs to report on them accordingly. Or, something that may appear very simple in the eyes of a vendor, such as an IP address, may store mission-critical data or intellectual property for an organization and must therefore be intensely monitored.
Every organization prioritizes, monitors and manages these specific elements based on context, yet many vulnerability management tools today don’t scan or report based on this context. Conversely, a platform like Swimlane enables organizations to tailor their vulnerability management in order to marry it to their specific needs and desires. This kind of contextual automation enables organizations to understand their vulnerabilities in context of how they may affect them.
Overall, the global security and vulnerability management market is expected to increase from approximately $5.4 billion in 2014 to over $9 billion in 2019, representing a compound annual growth rate of 10.7 percent. Security and vulnerability automation is surely part of this massive market growth. Here are some security automation use cases that show how companies are benefiting from security operations automation platforms, which enable them to automatically resolve alerts, monitor and manage vulnerabilities, gather metrics, and run reports—and reap dividends as a result.
The post 3 Burning Questions About Automating Vulnerability Lifecycle Management—Part 2 appeared first on Swimlane.