Together with our new team member, Augusto Barros (blog, Twitter), we have embarked on an update to Gartner GTP vulnerability assessment (VA) and vulnerability management (VM) research. Let me tell you, we have some awesome plans!
First, here are the key documents we have on the topic (only GTP documents listed):
- “Vulnerability and Security Configuration Assessment Solutions Comparison” (2014)
- “Vulnerability Assessment Technology and Vulnerability Management Practices” (2014) – this one is … ahem … only 64 pages long!
- “Solution Path: Vulnerability Assessment, Mitigation and Remediation” (2014)
- “Decision Point for Vulnerability Management” (2012)
We are planning to overhaul our guidance in how to do both VA and VM right, refresh our tool coverage of “vendors that matter” and create 3 documents, along the lines of:
- Vulnerability Management Process Implementation Guidance – how to run your entire VM capability/program, remediate, mitigate and beat your server ops people into submission 🙂
- Vulnerability Assessment and Security Configuration Assessment Implementation Guidance – how to scan/assess correctly, to get the best value of VA tools, analyze report data, etc
- Vulnerability Assessment and Security Configuration Assessment Tools Comparisons – how to compare VA tools right, pick the right capabilities, etc
Among other things, we plan to touch on what VA vendors are doing to address challenges with public cloud environments (IaaS, PaaS, SaaS), mobile devices as well as (NEW!) IoT and OT devices. We are also working on a new vulnerability management process guidance, that would be roughly 37% more actionable 🙂
And here is my CALL TO ACTION:
- Vendors, got anything to say about vulnerability assessment? Here is a briefing link … you know what to do!
- Enterprises, got a fun VA/VM-related story to share – both WIN stories or FAIL stories will do fine? Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).
Past posts on vulnerability management: