Another class of issues is misconfiguration. Though these are not classic vulnerabilities, they do render the asset vulnerable. They are identified by checks performed against widely accepted industry benchmarks such as CIS (Center for Internet Security).
The IT infrastructure of an organization today is diverse, spread across the cloud, on-premises systems and employees working from home. The vulnerability assessment must cover the assets in all of these scenarios.
Challenges with Vulnerability Assessments
The findings from these assessments are quite technical in nature.
The severity of the issues is based on CVSS (Common Vulnerability Scoring System), which is constant and does not take the organization's context into account.
Reports for each asset type are different; given 8-10 asset types, there is no way to correlate and normalize them.
The number of issues identified is large; with tens of assets, the identified issues can be in the thousands.