In order for small and medium-size businesses to understand why vulnerability management is crucial for the protection of their operations, they need to know what vulnerability management is, why it is becoming increasingly important even for smaller businesses, and some of the key details to look for when signing a contract with a VM solution provider.
What is Vulnerability Management?
VM is the continuous process of the discovery, reporting, prioritization, and response to security threats against one of the most critical components of most businesses — their data. While larger businesses have the resources to devote multiple staff members to address VM, smaller businesses typically partner with an external vendor to provide a solution for them.
How Important is a VM Solution?
It’s not enough anymore for small companies to merely apply some anti-virus software to their equipment, then assume they are sufficiently protected from threats to their information. This type of “set it and forget it” approach may have been adequate a decade or two ago, but hackers and other cyber criminals are becoming much more sophisticated in their attacks and they are always on the lookout for those most vulnerable. While larger businesses may have more assets to gain access to, they are also more likely to be protected by an entire department devoted to security administration.
This means cyber criminals are increasingly turning toward medium-sized and smaller businesses, who do not have the resources to develop a VM solution, or worse yet, don’t even know they need a solution. Even if a CEO is technologically savvy enough to ask “where are we exposed?”, if no one in their small IT department can adequately answer the question, then it’s probably safe to say that information vulnerabilities exist.
What to Look For in a VM Solution/Vendor
It’s difficult for business owners to know of every detail to look for in a solid VM solution, however there are some key factors that separate a comprehensive VM solution from those that may not provide sufficient protection. When researching all the various vendor plans, there are several key components to look for.
- Is coverage continuous and complete? – Companies looking for a VM solution provider need to know the depth and breadth of all their technology assets are continually and completely covered. That means cloud usage, off-network endpoints such as employee laptops, tablets, and smartphones, the corporate network, web usage, apps, etc.
- Intelligent Assessment – With the advent of the internet of things (IoT) smart devices, along with more sophisticated container image technologies and the like, it’s not enough to merely scan a device or a file to determine if they carry a threat. A good VM solution utilizes intelligent assessment methods in order to expose hidden threats.
- Prioritizing Threats – A good VM solution will incorporate machine learning techniques to prioritize potential threats. Since more endpoints and more data usage means more coverage, without intelligent assessment and effective prioritization, a lesser VM solution might present a more trivial threat for inspection, while a larger threat lurks in the background.
- Benchmarking and Reporting – A VM vendor should be able to provide benchmarking results for a business both within the company, such as comparing departments, as well as external benchmarks. In other words, comparing metrics with other companies in the industry in the areas of scanning frequency, age-related vulnerabilities, and overall cyber risk. Reporting features should incorporate flexibility so companies can customize reports for their unique situation with regard to their benchmarking figures, as well as other security-related information.
- Licensing and Pricing, Keep it Simple – A good vendor should be able to explain the different tiers of support they offer, the dollar amount attached to each tier and what a company will (and will not) be receiving when they sign on the dotted line. A good vendor will neither under or over sell to a client because they understand the best way to forge a long-term relationship is to look out for the best interests of their customers.
If you would like more information on developing a complete vulnerability management solution for your business, please contact us.