
SANS Institute Examines Intricacies of Vulnerability Management

By Enterprise Security Magazine | Monday, November 23, 2020


FREMONT, CA: Vulnerability Management (VM) is a recognized function of information security, but with technology configurations continuously evolving and cloud and container infrastructure expanding, VM's complications persist. In a new white paper and associated webcast, 'SANS 2020 Vulnerability Management Survey', SANS Instructor, Analyst, and Author David Hazar shared his analysis of this year's survey results and discussed how organizations' vulnerability programs are maturing in response to varying technology, architecture, and design.

Established in 1989 as a collaborative research and education business, today, SANS Institute is the most trusted and one of the most extensive cybersecurity training and certification providers to experts in government and commercial institutions worldwide. Prominent SANS instructors teach more than 60 courses at in-person and virtual cybersecurity training events and on-demand. GIAC, an associate of the SANS Institute, authorizes practitioner skills through more than 35 hands-on, technical certifications in cybersecurity.

The positive takeaway is that most administrations follow best practices for vulnerability identification and are taking steps to rank vulnerabilities based on asset value and exploitability. A full 87% of the respondents said that they have some VM processes in place, and formal programs—usually leading in the increasing use of automation—are on the ascent. Nevertheless, responsibility for successful VM outcomes is shared across several teams, including IT, development, security, audit, or risk and compliance, making it hard to expose blind spots and tighten timelines to remediation.

The webcast and white paper further outlined respondents' answers on the following topics:

• How businesses are discovering different types of vulnerabilities on diverse systems and their applications and discovery occurrences.

• What remediation procedures are operational and the level of maturity.

• How susceptibilities are ordered and whether deadlines are recognized.

• Who in the organization is accountable for the different processes associated with vulnerability management.

The end goal for all the effort is to empower organizations to effectively and competently remediate vulnerabilities; anything security can do to help identify and eliminate impediments will make remediation much easier for IT organizations.
