A vulnerability is only as bad as the threat exploiting it and the impact on the organization. Security and risk management leaders should rate vulnerabilities on the basis of risk in order to improve vulnerability management program effectiveness.
Gartner receives frequent inquiries from clients who are challenged with how to successfully treat all vulnerabilities identified during assessments. There is often a gap between the discovery and the resources available within IT operations to treat these within the time frame when attackers operate.
Download the Garter Report which explores:
- Why attackers focus on a small number of vulnerabilities that can be readily exploited at low cost to them;
- Multiple methods that you can use to help mitigate this issue, including application whitelisting and identity, access and privileged user monitoring;
- The importance of a well-placed mitigation measure at the network control point.