One of the three vulnerability assessment papers I’ve been working on published today. “Vulnerability and Security Configuration Assessment Solutions Comparison” is an in-depth look at vulnerability assessment tools used by enterprises. The report also sheds lights at a few areas of vulnerability assessment (and broader vulnerability management): assessment of emerging environments (such as cloud, mobile and virtual), large-scale vulnerability prioritization and architecting a large environment.
“Vulnerability assessment tools play a critical role in enterprise vulnerability management. The tools are being expanded toward an in-depth security configuration assessment, large-scale vulnerability prioritization and security assessment of new cloud, mobile and virtualization environments. This comparative assessment reviews the enterprise-ready vulnerability assessment tools based on modern use cases, expanded core capabilities and emerging focus areas.”
For the entire VA market, see the VA Marketscope (2011, 2012 is coming soon).
To those without subscriptions, please enjoy the blog posts on the same topic that I wrote while working on the paper:
- On Scanning “New” Environments
- On Vulnerability Prioritization and Scoring
- On LARGE Scale Vulnerability Management
- On Vulnerability Management and Clouds
- On PCI DSS and Scanning
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.