De-mystifying Security Series: Vulnerability Risk Management
Identifying and dealing with cybersecurity vulnerabilities is key to preventing cyberattacks - and it’s generally cheaper and more effective to plug any holes rather than having to deal with a threat which has already penetrated security defenses.
Vulnerability Risk Management (VRM)
Vulnerability Risk Management (VRM) describes the processes and technologies deployed to identify potential weaknesses. Specifically, vulnerabilities are potential gaps in security provisions that could be exploited to gain access to network resources.
VRM also defines how a business responds to identified vulnerabilities. This is usually a documented process that outlines how vulnerabilities are prioritized, and the steps taken to close each gap depending on the assigned priority. Ultimately, vulnerability risk management is about preventing similar problems in future.
Threat & Vulnerability Management (TVM)
Extending VRM, Threat & Vulnerability Management also addresses threats. In the context of TVM, threats describe the tools and techniques employed by cybercriminals to exploit known vulnerabilities. In some cases, threats also relate to accidental exploits that result in similar outcomes – loss or damage to network assets.
TVM also covers management of threats and vulnerabilities, detailing how an organization identifies and responds to both. Identified threats and vulnerabilities are prioritized and patched according to a documented procedure agreed by IT management, with a view to protecting network assets and the rest of the business.
Continuous Adaptive Risk and Trust Assessment (CARTA)
At the most basic level, Continuous Adaptive Risk and Trust Assessment (CARTA) is a new approach to managing risk. The CARTA methodology is intended to help businesses deploy security safeguards that keep pace with developments in technology and cybersecurity.
A CARTA-based strategy is built on the assumption that all systems and applications have already been compromised. CARTA operates against a comprehensive asset inventory. Each asset is continuously monitored and assessed for risk, both to provide early warning of potential breaches and to establish trust that the system in question has not been breached.
How Navisite can assist
Navisite partners with leading providers like Kenna Security, Bitsight, Alert Logic, and leading scanning providers (e.g. Qualys) to provide vulnerability risk management and continuous compliance for its clients. Navisite’s deep bench of vulnerability management specialists leverages our partner platform solutions to provide ‘outside-in’ and ‘inside-out’ visibility into the security posture of our clients. Proactively, our approach enables detection of risk, expert prioritization, smart remediation of assets, and continuous compliance across multi-cloud environments.