Together with our new team member, Augusto Barros (blog, Twitter), we have embarked on an update to Gartner GTP vulnerability assessment (VA) and vulnerability management (VM) research. Let me tell you, we have some awesome plans!
First, here are the key documents we have on the topic (only GTP documents listed):
- “Vulnerability and Security Configuration Assessment Solutions Comparison” (2014)
- “Vulnerability Assessment Technology and Vulnerability Management Practices” (2014) – this one is … ahem … only 64 pages long!
- “Solution Path: Vulnerability Assessment, Mitigation and Remediation” (2014)
- “Decision Point for Vulnerability Management” (2012)
We are planning to overhaul our guidance on how to do both VA and VM right, refresh our tool coverage of “vendors that matter” and create 3 documents, along the lines of:
- Vulnerability Management Process Implementation Guidance – how to run your entire VM capability/program, remediate, mitigate and beat your server ops people into submission 🙂
- Vulnerability Assessment and Security Configuration Assessment Implementation Guidance – how to scan/assess correctly, to get the best value from VA tools, analyze report data, etc.
- Vulnerability Assessment and Security Configuration Assessment Tools Comparisons – how to compare VA tools right, pick the right capabilities, etc.
Among other things, we plan to touch on what VA vendors are doing to address challenges with public cloud environments (IaaS, PaaS, SaaS), mobile devices, as well as (NEW!) IoT and OT devices. We are also working on new vulnerability management process guidance that would be roughly 37% more actionable 🙂
And here is my CALL TO ACTION:
- Vendors, got anything to say about vulnerability assessment? Here is a briefing link … you know what to do!
- Enterprises, got a fun VA/VM-related story to share? Both WIN stories and FAIL stories will do fine. Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).
Past posts on vulnerability management:
- My Updated Vulnerability Management Practices Paper Publishes
- Cannot Patch? Compensate, Mitigate, Terminate!
- What is Your Minimum Time To Patch or “Patch Sound Barrier”
- Patch Management – NOT A Solved Problem!
- Next Research Project: From Big Data Analytics to … Patching