Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform
Organizations have traditionally viewed vulnerability scanners as a tactical product, largely commoditized, and only providing value around audit time. How useful is a 100-page vulnerability report to an operations person trying to figure out what to fix next? But the tide is definitely turning—there is now a clear shift from a largely compliance-driven orientation to a more security-centric view. It’s widely acknowledged that compliance provides a low bar for security, and it just isn’t high enough. So more strategic security organizations need better optics. They need the ability to analyze threat-related data, combine it with an understanding of what is vulnerable, and provide visibility to what is meaningfully at risk. Yesterday’s vulnerability scanners are evolving to meet this need, and emerging as a much more strategic component of an organization’s control set than in the past.