In the past vulnerability assessment has been the primary approach used to detect cyber threats.
Risk-based vulnerability management has become increasingly popular.
How do each of these approaches work, and which do you think is more effective?
Vulnerabiity Assement is a useful process but it's still a snap-shot of your security posture.
Risk-based Vulnerabiity Management is a dynamic, ongoing process as part of your cyber protection strategy, integrating with your installed systems, monitoring progress and taking your assets criticality into consideration.
As soon as a vulnerability assessment is complete, it is obsolete. Your environment changes daily/weekly/monthly. Assessments are "a point in time". Vulnerability Management is continuous, and seems to me to be the better strategy.
A risk-based approach is more effective but we need to go beyond just risk-based vulnerability assessment. We need to take into account the impact on our business and brand reputation of data being compromised, we need to take into account whether we are getting better or worse at securing our data and we need to be clear that we need continuous monitoring to maintain our security posture. We also want to see our risk score in an easily understandable way
I think risk-based vulnerability managemente it´s the way to go since you only try to solve those vulnerabilities that represent a real risk intead of just using the CVSS score. For example when you use a risk-based approach you take into account the level of importance (based on business) of the system you are trying to protect.
YOU are right that earlier vulnerability assessment was very basic and done as reactive manner, after that proactive manner was introduce where it use to compare with best practice and industry threats. But now in this world of ZERO day attack we really need very Advance and RIsk base vulnerability assessment solution. And as per me this tool need to be base on AI and ML. It means Tool should contain power of Analytics & AI, Real Time Risk Monitoring, Report, Verify & Action.
Hi infosec professionals.
What are your top choices of tools to use for mobile penetration testing this year?
Thanks for sharing your knowledge!
Let the community know what you think. Share your opinions now!