What is vulnerability management? Processes and software for prioritizing threats

Organizations handle vulnerability management in various ways, from training and best-practice implementations to filtering out all but the most dangerous threats. Here’s a look at some of today’s more innovative solutions.

Vulnerability management is the process of staying on top of vulnerabilities so the fixes can be more frequent and effective. Vulnerabilities in need of fixing must be prioritized based on which ones pose the most immediate risk to the network. It’s handled in various ways by security companies working in the field, from training and best-practice implementations to filtering all the vulnerability noise down to just the most dangerous threats for a protected organization.

In cybersecurity, vulnerabilities are a big deal because without them, there would be very few breaches. But vulnerabilities on their own aren’t active threats, so it’s difficult for companies to figure out which to address, and in what order. This is especially true when the number of vulnerabilities climbs to staggering levels — sometimes into the millions for larger networks.

Think of vulnerabilities like holes in a suit of armor. The holes might not instantly pose a problem, but probably will cause trouble eventually. Ideally, you patch those holes before someone exploits one, for example by sending an arrow through it. The problem in cybersecurity is that there are a lot of vulnerabilities.

Almost anything can become a vulnerability and thus a liability to network security. Things like unpatched operating systems, or programs and apps running old software versions are common vulnerabilities, as are siloed applications plugged into a modern network. On the more advanced side, attackers may find exploits that nobody else knows about, attacking a hole in the armor that was previously unknown. Even users can sometimes be considered vulnerabilities, especially today when many of the most targeted attacks, such as phishing, are designed to trick users into lowering the defenses for attackers.