What is the scope of Vulnerability Management?  Given that any potentially exploitable weakness is technically a vulnerability – from undereducated employees, broken window locks to unpatched software – there is no right answer.  For us, vulnerability management is synonymous with infrastructure hygiene, and covers 4 primary areas:

• 3rd party software management (patching, configuration and life cycle management of non-custom software) – perhaps the most common scope of VM

• Network and firewall administration (patching, misconfiguration, policy violations)

• Asset management deficiencies (e.g. hardware underperformance, technology and security stack non-compliance)

• Factors preventing the efficient remediation of deficiencies (e.g. missing or incorrect data, unclear ownership or inability to locate)

 Service-oriented Vulnerability Management (Portfolio) is a menu of services from which organizations can either pick and choose those necessary to fill critical gaps, or leverage as an entire end to end service.  Our offering covers everything needed to address the above challenges - from executive-level strategy through technical execution.