Vulnerability management has evolved from simply running a scanner on an application, computer, or network to detect common weaknesses. Scanning is an essential element of vulnerability management (VM), but VM also includes other technologies and workflows that contribute to the bigger picture required for controlling and removing vulnerabilities. The primary objectives of VM are to:
- Identify and fix faults in the software that affect security, performance, or functionality.
- Alter functionality or address a new security threat, such as updating an antivirus signature.
- Change a software configuration to make it less susceptible to attack, run faster, or improve functionality.
- Use the most effective means to thwart automated attacks (such as worms, bots, and so on).
- Enable the effective improvement and management of security risks.
- Document the state of security for audit and compliance with laws, regulations, and business policy.
Consistent, ongoing vulnerability management is difficult, if not impossible, to do on a manual basis. You simply have too many moving parts to juggle and act on in a timely and cost-effective manner. Repetitive tasks that regularly cycle through all devices are enormously time-consuming – and an inefficient use of IT and network staff time.