2020-06-03T18:17:00Z

What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?


In the past, vulnerability assessment has been the primary approach used to detect cyber threats. Risk-based vulnerability management has become increasingly popular. How does each of these approaches work, and which do you think is more effective?

Guest
44 Answers

Top 20, User

A risk-based approach is more effective, but we need to go beyond just risk-based vulnerability assessment. We need to take into account the impact on our business and brand reputation of data being compromised, we need to take into account whether we are getting better or worse at securing our data, and we need to be clear that we need continuous monitoring to maintain our security posture. We also want to see our risk score in an easily understandable way.

2020-07-07T18:43:31Z
Top 20, Leaderboard, Real User

I think risk-based vulnerability management is the way to go, since you only try to solve those vulnerabilities that represent a real risk instead of just using the CVSS score. For example, when you use a risk-based approach, you take into account the level of importance (based on the business) of the system you are trying to protect.

2020-06-04T17:49:21Z
User

As soon as a vulnerability assessment is complete, it is obsolete. Your environment changes daily/weekly/monthly. Assessments are "a point in time". Vulnerability Management is continuous, and seems to me to be the better strategy.

2020-06-04T15:15:37Z
Top 5, Leaderboard, Reseller

You are right that earlier vulnerability assessment was very basic and done in a reactive manner; after that, a proactive manner was introduced, where it used to be compared with best practices and industry threats. But now, in this world of zero-day attacks, we really need a very advanced, risk-based vulnerability assessment solution. And in my view, this tool needs to be based on AI and ML. That means the tool should contain the power of Analytics & AI, Real-Time Risk Monitoring, Report, Verify & Action.

2020-06-04T08:31:37Z