Quarterly insights: Cybersecurity

RBVM – key to not getting crushed by the vulnerability boulder

Cybersecurity 2021q2

Patching all an enterprise’s cybersecurity vulnerabilities is a Sisyphean task that’s only made harder by a scarcity of qualified cybersecurity personnel.

Risk-based vulnerability management (RBVM) solution providers make it easier for enterprises to protect their business with vulnerability prioritization technology that optimally focuses their remediation efforts on the vulnerabilities that are most important in the context of each business. Several recent events highlight how the RBVM space remains as interesting and important as ever.

We examine the considerations related to each of the three elements of the RBVM framework (vulnerabilities, assets and threats), some of the main approaches to RBVM, and some of the companies focused on moving solutions forward.

TABLE OF CONTENTS

Includes discussion of CSCO, QLYS, RPD, TENB and seven private companies

  • A Sisyphean task
  • The universe of vulnerabilities
  • Which vulnerabilities do I have?
  • Adding threat intelligence
  • Assessing damage potential
  • Choosing RBVM solutions
  • One size does not fit all
  • A sample of solution providers
  • Making an impossible task a little more possible
  • Cybersecurity index continues to outperform the Nasdaq and S&P
  • Q2 cybersecurity M&A activity continues to slow
  • Q2 cybersecurity private placements sustain recent pace

A Sisyphean task

It is no secret that today’s IT organizations face a Sisyphean task in trying to patch all known vulnerabilities, a challenge that’s only made harder by a scarcity of qualified personnel. To help manage the task, IT security departments often advise IT staff on which of the myriad vulnerabilities they should prioritize based on a variety of factors. At its highest level, this is called risk-based vulnerability management (RBVM), and the solutions used to aid in this task are usually referred to as either RBVM software or vulnerability prioritization technology (VPT), with the terms being generally synonymous.

This challenge of how to best prioritize vulnerabilities is decades old, and solutions have continuously evolved over this time. But several recent developments highlight how the space remains as interesting and important as ever. These include government-issued guidelines suggesting a risk-based approach to vulnerabilities to help combat ransomware, the May 14 announcement that Cisco will buy VPT specialist and leader Kenna Security, and the June 8 announcement that risk-based cybersecurity firm Brinqa received $110 million in its first institutional funding round.

Qi Cybersecurity Cover Jun 2021