Vulnerability management software can help automate this process. They’ll use a vulnerability scanner and sometimes endpoint agents to inventory a variety of systems on a network and find vulnerabilities on them. Once vulnerabilities are identified, the risk they pose needs to be evaluated in different contexts so decisions can be made about how to best treat them. For example, vulnerability validation can be an effective way to contextualize the real severity of a vulnerability.

Generally, a Vulnerability Assessment is a portion of the complete Vulnerability Management system. Organizations will likely run multiple Vulnerability Assessments to get more information on their Vulnerability Management action plan.

Identifying Vulnerabilities

Vulnerability scanners are able to identify a variety of systems running on a network, such as laptops and desktops, virtual and physical servers, databases, firewalls, switches, printers, etc.

Evaluating Vulnerabilities

After vulnerabilities are identified, they need to be evaluated so the risks posed by them are dealt with appropriately and in accordance with an organization’s risk management strategy.

Treating Vulnerabilities

Once a vulnerability has been validated and deemed a risk, the next step is prioritizing how to treat that vulnerability with original stakeholders to the business or network.

Reporting Vulnerabilities

Performing regular and continuous vulnerability assessments enables organizations to understand the speed and efficiency of their vulnerability management program over time.