Elevating Security with Risk-based Vulnerability Management

Security risk management needs effective vulnerability management, not just point-in-time or ad-hoc vulnerability assessments. While assessments are important, they are only part of a broader program essential for managing security risk and posture in modern IT environments.

This Enterprise Strategy Group (ESG) whitepaper explores the need for a risk-based vulnerability management (RBVM) program to effectively reduce risk and enhance security posture. The report showcases the value of Tenable Vulnerability Management as a modern, purpose-built platform that is central to helping organizations evolve from vulnerability assessments to a modern vulnerability management program.

Legacy [vulnerability assessment] tools themselves may be cheaper, but the additional human hours required to drive productive action out of the findings end up being more expensive than the software savings.

Research Highlights:

• Organizations face multiple challenges with their current vulnerability management processes and tools with 28% struggling to use tools that are not automated and 28% lacking detailed vulnerability tracking where no patch is available
• 76% of organizations have suffered a cyberattack as a result of an unknown, unmanaged, or poorly managed internet-facing asset
• More than a quarter of organizations rely on a risk score to prioritize vulnerabilities, such as one from an attack surface management system (cited by 28%) or from a vulnerability management tool (28%), and nearly one-third (30%) of organizations prioritize vulnerabilities based on business criticality

Source: Enterprise Strategy Group by TechTarget, White Paper: Elevating Security With Risk-based Vulnerability Management, By David Vance, Senior Analyst, June 2024