Why Continuous Vulnerability Assessment Is Essential
Tenable Network Security's Bussiere on the Need for Continuous Risk Analysis, Mitigation
A continuous vulnerability assessment program should be a baseline security requirement for all organizations, says Richard Bussiere, Technical Director APAC at Tenable Network Security.
"In order to understand how secure you are and get a comprehensive visualization, you need to have the ability to measure that, for which you need a lot of data - you need the vulnerability data from the endpoint, you need network data and you need event data," he says in an exclusive interview with Information Security Media Group.
Using this data to support a continuous vulnerability assessment program helps organizations to understand which areas of their environment expose them to the most risk, and which of these risks they need to mitigate first, he says. "Effectively eliminating or mitigating vulnerabilities from the environment means that most exploits simply don't work against the targeted machine - if you are diligent about it, you are going to do an awful lot to reduce the threat surface," Bussiere says.
When organizations start to introduce new elements, such as DevOps and the cloud, the changes that occur in the environment happen at a very rapid pace. This means that organizations must have a risk analysis function that is a continuous process and takes full advantage of automation, Bussiere contends.
"The reason automation is so important is because when infrastructures start getting really big, it becomes really difficult to prioritize the devices or elements within that infrastructure that need to be mitigated or fixed first, and automation helps do that much more efficiently," he says (see: Will Automation Threaten Security Jobs?).
In this interview, Bussiere also discusses:
- The evolution of the security market in Asia over the past 15 years;
- The future of IoT and industrial cybersecurity;
- Common mistakes practitioners need to avoid in today's dynamic landscape.
Bussiere, Technical Director APAC, Tenable Network Security, has more than 20 years of experience in ICT security, computer networking and engineering. He frequently assists organizations in adopting a regimen of proactive vulnerability management to help them reduce their vulnerability. Previously, Bussiere was Arbor Networks' solution architect for Asia Pacific.