Traditional vulnerability remediation occurs in silos — the security team detects vulnerabilities, prioritizes which ones need to get fixed first, and punts the list over the cubicle wall for the IT operations team to handle.
But that approach is no longer tenable. The rate and pace at which vulnerabilities occur requires the strategic alignment of IT functions across the enterprise. Since the security team "owns" vulnerability management, it should be accountable for creating and maintaining that alignment. Rather than approaching vulnerability remediation as a game of "hot potato," they must play a much longer game and drive the process. Security teams need to assume the role of a quarterback — one who's gunning for a touchdown.
Be the QuarterbackVulnerability management is no one's favorite job, but it's essential in reaching long-term security goals for the enterprise. Infrastructure is assaulted daily by both complex vulnerabilities that take months to fix — like Boothole and Zerologon — as well as thousands of seemingly mundane vulnerabilities that, in the context of where and how they pop up in the environment, can introduce the same amount of risk as a critical vulnerability with a CVSS of 10. Leadership is key in motivating stakeholders to adopt a remediate-or-bust mindset.
Gartner estimates that security professionals will be aware of 99% of vulnerabilities exploited by the end of 2020 at the time of compromise; Ponemon found unpatched systems were the root cause of 60% of data breaches in 2019. With a deluge of new vulnerabilities being reported each year and dramatic shifts in enterprise IT, such ..
Support the originator by clicking the read the rest link below.
