GUEST ESSAY: Why rigorous vulnerability management is crucial to protecting critical systems

By Trishneet Arora

As companies accelerate their reliance on agile software development, cloud-hosted IT infrastructure and mobile applications, vulnerability management (VM) has an increasingly vital security role to play.

Related: Log4j vulnerability translates into vast exposures

Not only does VM contribute to the safety and security of an organization’s network and infrastructure, it also helps ensure infrastructure performance is optimized.

An efficient VM solution will reduce the time and manpower resources required to maintain an effective cybersecurity infrastructure, thereby reducing the risk for enterprises.

VM is a well-known and mature segment of cybersecurity. Despite this, many organizations manage incomplete or out-of-date VM technologies to protect critical data assets.

When creating new strategies for VM, it is important to consider a few best practices:

•VM includes multi-layered capabilities, requires a “continuous improvement” mentality, and must be implemented enterprise wide (including mobile, internet-based applications and cloud assets) to be effective.

•It begins with identifying all the assets the organization is trying to protect and creating a comprehensive inventory

•A VM solution should make it easy for IT and security teams to understand their VM posture at any time

•It needs to prioritize vulnerabilities so that IT and security teams can address the most critical threats first


While most vulnerability management systems evaluate identified risks, they often do not identify all infrastructure assets and therefore do not identify all vulnerabilities. Most VM solutions provide scanning capabilities, but can miss new endpoints, such as remote workers and shadow IT.

They often do not automatically prioritize vulnerabilities, making it difficult for stretched IT and security teams to focus resources on the most critical threats.  And many solutions offer automatic patch management capabilities, but IT and security teams want to have control over patching strategies.

The most current VM capabilities include software and processes that discover all infrastructure assets automatically, including cloud and mobile assets. Active and passive scanning includes actively locating assets anywhere in the comprehensive network environment, as well as vulnerabilities.

It prioritizes threats, enabling IT and security teams to focus resources on the most critical needs first. And it begins the remediation process by creating patches, but offers the IT and security teams flexibility to review and edit patches before deployment.

Beyond the capabilities of the technology itself, new VM solutions provide additional features designed to assist IT and security teams.  One of these is creating a single, customizable dashboard that arms teams with all critical VM information in one location.

Another is providing a rapid assessment of a network’s current VM posture, so teams can evaluate their progress against previous days, weeks and months. Lastly, new VM solutions can seamlessly integrate into an enterprise’s cybersecurity stack, maximizing protection of data assets.

TAC Security has developed ESOF VMDR, a novel set of cybersecurity capabilities that helps organizations better manage their IT infrastructure by rapidly identifying risks and prioritizing those risks, allowing teams to address the most pertinent vulnerabilities first. ESOF VMDR discovers all infrastructure assets, including cloud and mobile assets, automatically and without the need for human intervention.

TAC provides a unique cyber risk score that informs IT teams about the overall vulnerability of the network and provides automatic follow-up so teams can evaluate risks compared to previous periods.

In addition to the benefits that all vulnerability management systems offer, TAC Security’s solution consolidates management functions into one dashboard, is a force multiplier for IT teams and is available at a lower cost than comparable solutions.

IBM’s 2021 “Cost of a Data Breach” report showed that last year, the cost of a data breach rose to $4.24 million, the highest in 17 years. However, companies that reported having a fully deployed automation and AI system were able to identify and contain breaches quicker, reducing data breach costs by 80%.

Smart, effective use of advanced VM tools, policies and practices have become a security must-have, and this will continue to be true, going forward.

About the essayist: Trishneet Arora, Founder and CEO of  TAC Security, a San Francisco-based supplier of vulnerability management solutions

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone