A continuing evolution in vulnerability assessment
Peter Stephenson, technology editor, SC Magazine
One of the more enjoyable groups for us here in the SC Lab is vulnerability assessment. The two big areas of growth in this year's products were cloud-based assessments and increased automation and templates. Last year, we just had begun to see scans conducted from the cloud. While there have been similar services for years, the wholesale move to the cloud was something new. This year, vendors are beginning to embrace this approach to vulnerability scanning.
Organizations recognize that the currency of a scan is only as good as the moment that the scan is completed. Five minutes (or less) later and the scan may be completely outdated. In a given month – the typical interval between scans – there could be hundreds of new exploits developed. Zero-day exploits threw more garbage in the game and before long it was conventional wisdom that typical vulnerability scanning was a waste of time and money since the data was only reliable for a very short time. The answer, of course, was automation.
“Vulnerability assessment and penetration testing began to morph a couple of years ago into vulnerability management, including such solutions as patch management.”
Additionally, there is a trend toward self-service by the customer. The combination of a need to automate and a need for self-service has driven external vulnerability scanning to the cloud. That doesn't cover the entire territory, though. We still need to be concerned about the internal network, and we should still perform periodic penetration testing. However, both of those processes are a bit challenging to do from the cloud.
Vulnerability assessment and penetration testing began to morph a couple of years ago into vulnerability management, including such solutions as patch management. That trend is alive and well in this year's products. Every year we think that this group has reached maturity and every year it surprises us. This time is no exception.
This month, SC Lab Manager Mike Stephenson took about half of the products and the rest were worked by Jim Hanlon, one of our new reviewers. I think that you'll find these write-ups much to your liking. There is a lot covered here – certainly we have quite a few products, and while some are old favorites, there are some new surprises this year. With 11 products this month, there is much to read. So, let's get started.