Michael Meis

What Is Vulnerability Management?



It seems like such a simple question, right? However, we continue to see a relatively high number of organizations that conflate patch/bug management with vulnerability management. While they are related, bugs and patches are just one piece of the vulnerability puzzle. For a true vulnerability management program, we have to think beyond the CVEs to truly understand where our soft spots are.

  • Asset Management – The foundation of all vulnerability management and simultaneously the hardest to accomplish. We must understand and control everything that is in our environments (systems, software, IoT devices, etc.), as well as understand how they are all connected to each other.

  • Architectural Management – Where we define and enforce architectural standards to ensure our environments are built and kept in a certain way, think network segmentation, service isolation, etc.

  • Patch/Bug Management – This is where we understand the soft spots in our software or components and manage the patches released to resolve/cover them.

  • Configuration Management – This is where we find the settings that cause unnecessary or unwanted exposure. This is usually caused by either a rogue configuration or an ill-informed baseline.

For vulnerability management to be effective, we have to take a more holistic approach and move beyond just bugs and patches.
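To make the four pillars concrete, here is a small added example (not code from the original post or its author) that runs one assessment pass over a constructed asset inventory and reports findings from every pillar, not only missing patches. The hostnames, package versions, the minimum fixed version, the baseline setting and the segment policy are all assumptions constructed for the illustration, not real advisories or real environments.

```python
"""Added example, not from the original post: a toy vulnerability-management pass
that reports exposures from all four pillars (asset, architecture, patch,
configuration). Every piece of data below is constructed."""

from dataclasses import dataclass


@dataclass
class Asset:
    hostname: str
    role: str        # what the system does, e.g. "web", "db"
    segment: str     # network segment it sits in
    software: dict   # package name -> installed version string
    config: dict     # setting name -> current value


def version_tuple(v):
    """'9.10' -> (9, 10) so versions compare numerically rather than as strings."""
    return tuple(int(p) for p in v.split("."))


# --- Constructed sample data (hypothetical hosts, versions and policies) ---
REGISTERED = [
    Asset("web01", "web", "dmz", {"openssh": "9.4"}, {"ssh_password_auth": "no"}),
    Asset("db01", "db", "dmz", {"openssh": "9.1"}, {"ssh_password_auth": "no"}),
    Asset("app01", "app", "internal", {"openssh": "9.4"}, {"ssh_password_auth": "yes"}),
]
# Hosts seen by a network scan; "printer7" was never registered in the inventory.
SCANNED_HOSTS = ["web01", "db01", "app01", "printer7"]

# Patch pillar: minimum version that carries the fix (placeholder, not a real advisory).
MIN_FIXED_VERSION = {"openssh": "9.3"}
# Configuration pillar: the approved baseline.
BASELINE = {"ssh_password_auth": "no"}
# Architecture pillar: which roles are permitted in which segment.
SEGMENT_POLICY = {"dmz": {"web"}, "internal": {"app", "db"}}


def assess(registered, scanned_hosts):
    """Return findings as (pillar, hostname, detail) tuples across all four pillars."""
    findings = []
    known = {a.hostname for a in registered}

    # Asset management: anything on the wire that the inventory does not know about.
    for host in scanned_hosts:
        if host not in known:
            findings.append(("asset", host, "seen on network but not in inventory"))

    for a in registered:
        # Architecture: the asset's role is not allowed in the segment it lives in.
        if a.role not in SEGMENT_POLICY.get(a.segment, set()):
            findings.append(("architecture", a.hostname,
                             f"role {a.role!r} not permitted in segment {a.segment!r}"))
        # Patch: installed version is older than the version carrying the fix.
        for pkg, ver in a.software.items():
            fixed = MIN_FIXED_VERSION.get(pkg)
            if fixed and version_tuple(ver) < version_tuple(fixed):
                findings.append(("patch", a.hostname, f"{pkg} {ver} older than fixed {fixed}"))
        # Configuration: drift from the approved baseline.
        for setting, expected in BASELINE.items():
            actual = a.config.get(setting)
            if actual != expected:
                findings.append(("configuration", a.hostname,
                                 f"{setting}={actual!r}, baseline expects {expected!r}"))
    return findings


def findings_by_pillar(findings):
    """Count findings per pillar to show how much a patch-only view would miss."""
    counts = {}
    for pillar, _, _ in findings:
        counts[pillar] = counts.get(pillar, 0) + 1
    return counts


if __name__ == "__main__":
    results = assess(REGISTERED, SCANNED_HOSTS)
    for f in results:
        print(f)
    print(findings_by_pillar(results))
```

On this constructed data the pass produces four findings, and only one of them is a missing patch: the unregistered printer, the database host sitting in the DMZ, and the host allowing password authentication would all be invisible to a program that tracks CVEs alone.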

