The blocking and tackling work of scan management is becoming a commodity, writes Lisa Xu, the CEO of NopSec, in this Expert Insight. What organizations need now is complete visibility of their IT infrastructure and business applications.
Around the turn of the 21st century, vulnerabilities were chiefly addressed by someone in the IT department periodically running a manual scan for known vulnerabilities. At the time, organizations didn’t have too many vulnerabilities to worry about. According to CVE details, there were only about 1000 disclosed vulnerabilities in the year 2000.
Various vulnerability management data reports indicate that somewhere between 18,000 and 30,000 known vulnerabilities were reported in 2021. “Someone” in IT running a “manual” scanner can no longer provide even a hint as to which vulnerabilities an organization should be worried about today.
In this article, I’ll explore the origins of vulnerability management, how it has evolved, where it’s going, and what business leaders need to do to implement a cyber threat and exposure management strategy to support their digital transformation and application-centric business strategy.
How vulnerability management has evolved
Vulnerability management has changed because the world has changed. Digital transformation has revolutionized products, processes, and entire organizations. Over the last decade, companies, governments, and organizations of all types have adopted digital technologies—specifically cloud services, social media, remote work, and data analytics—at a rapid rate.
Lisa Xu is the CEO of NopSec.
Since 2005, security teams