INTEGRATIVE INSIGHTS ON EMERGING OPPORTUNITIES
Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.
- Patching all of an enterprise's cybersecurity vulnerabilities is a Sisyphean task that's only made harder by a scarcity of qualified cybersecurity personnel.
- Risk-based vulnerability management (RBVM) solution providers make it easier for enterprises to protect their business with vulnerability prioritization technology that optimally focuses their remediation efforts on the vulnerabilities that are most important in the context of each business. Several recent events highlight how the RBVM space remains as interesting and important as ever.
- We examine the considerations related to each of the three elements of the RBVM framework (vulnerabilities, assets and threats), some of the main approaches to RBVM, and some of the companies focused on moving solutions forward.
TABLE OF CONTENTS
Includes discussion of CSCO, QLYS, RPD, TENB and seven private companies
A Sisyphean task
The universe of vulnerabilities
Which vulnerabilities do I have?
Adding threat intelligence
Assessing damage potential
Choosing RBVM solutions
One size does not fit all
A sample of solution providers
Making an impossible task a little more possible
Cybersecurity index continues to outperform the Nasdaq and S&P
Q2 cybersecurity M&A activity continues to slow
Q2 cybersecurity private placements sustain recent pace
A Sisyphean task
It is no secret that today's IT organizations face a Sisyphean task in trying to patch all known vulnerabilities, a challenge that's only made harder by a scarcity of qualified personnel. To help manage the task, IT security departments often advise IT staff on which of the myriad vulnerabilities they should prioritize based on a variety of factors. At its highest level, this is called risk-based vulnerability management (RBVM), and the solutions used to aid in this task are usually referred to as either RBVM software or vulnerability prioritization technology (VPT), with the terms being generally synonymous.
The challenge of how best to prioritize vulnerabilities is decades old, and solutions have evolved continuously over that time. But several recent developments highlight how the space remains as interesting and important as ever. These include government-issued guidelines suggesting a risk-based approach to vulnerabilities to help combat ransomware, the May 14 announcement that Cisco will buy VPT specialist and leader Kenna Security, and the June 8 announcement that risk-based cybersecurity firm Brinqa received $110 million in its first institutional funding round.