Jun 06, 2023
Is a new Forrester Wave™ Report coming in 2023?
It’s been four years since the last Forrester Wave™ report on vulnerability risk management was issued. However, with newcomer Forrester analyst Erik Nost recently releasing the Vulnerability Risk Management Landscape report in Q2 2023, all signs point to a potential Forrester Wave report in Q3 or Q4 of 2023.
The state of vulnerability risk management
Vulnerability risk management (VRM) involves technologies for identifying and evaluating assets, vulnerabilities, prioritizing remediation, facilitating risk responses, and offering reporting and measurements for both asset and vulnerabilities.
The Vulnerability Risk Management Landscape Report Q2 2023 provides insights into the benefits of VRM solutions and highlights key functionalities to consider when selecting a vendor. In the report, Nost profiled 36 VRM vendors, showcasing the diverse range of VRM functionalities and providers. It is typical for an analyst to further refine those vendors to a smaller list in an actual Wave report.
Forrester analyst has a keen interest in risk-based vulnerability management
Erik Nost specializes in security and vulnerability risk management. His expertise spans vulnerability, attack surface, breach simulation and security testing.
Previously, he managed fintech and banking operations. Before Forrester, Nost led an infosec risk team in financial services, aligning with industry frameworks. He implemented initiatives for risk management in areas like cloud migration, security training and incident response.
Nost’s recent blogs cover various cybersecurity topics, including vulnerability risk management, threat modeling and penetration testing. He shares valuable insights and recommendations on proactive security behaviors, vulnerability management strategies and emerging trends in the cybersecurity space.
Nost’s recent work discusses three critical areas of focus in vulnerability risk management:
1. Business context-based prioritization
Regaining trust and inspiring action are critical factors for any effective vulnerability management strategy, as indicated by Nost’s blog.
Traditional vulnerability risk management presents inefficiencies that prompt clients to seek guidance on prioritizing remediation and optimizing patching. This disconnect is evident: vulnerability teams struggle with risk assessment while operations face tight deadlines.
2. Synergy between security operations and vulnerability management
In his blog on VRM and SOC Teams, Nost highlights the need for a security operation center (SOC) and vulnerability management teams to work closely together to achieve optimal results. Accelerated threat intelligence reactions and automation adoption by VRM teams blur proactive-reactive lines in vulnerability management.
The analysis advises organizations to focus on three key areas for improved SOC and VRM collaboration:
- Incident response: SOC teams should align responses based on knowledge of vulnerable systems and critical assets.
- Remediation prioritization: VRM teams can refine risk assessments with SOC insights on exploited systems and vulnerabilities.
- Critical vulnerability response: Both teams should leverage analyst expertise to efficiently handle high-profile incidents like Log4j, encompassing discovery, exploration, classification, determination and execution.
3. The importance of an operational rhythm for effective vulnerability management
Just as maintaining a consistent dental care routine keeps your teeth healthy, establishing an operational rhythm in vulnerability management ensures proactive protection against cyber threats.
Emphasizing tangible business impacts like downtime, revenue loss, missed deadlines and reputational harm is important. Management should foster a culture of recognition-based wins, ensuring transparency in risks, rewards and tasks. Use scorecards for tracking progress and promoting healthy competition. The goal: motivate, create champions and adopt a realistic, risk-centric approach to vulnerability management.
Understanding Brinqa’s role in the VRM landscape
Brinqa was one of the 36 vendors profiled in the Vulnerability Risk Management Landscape report. This recognition highlights Brinqa’s position as a notable player in the VRM industry.
With our comprehensive VRM platform, Brinqa helps organizations identify and triage vulnerabilities based on potential impact and business criticality. Companies then allocate resources effectively and address threats that pose the most significant risks to their operations and data security. By implementing Brinqa’s VRM solution, organizations minimize the chances of a cyber “root canal.”
Brinqa integrates security operations and vulnerability management to empower organizations to streamline their incident response processes, effectively reducing the time it takes to identify and address vulnerabilities. Brinqa’s holistic approach, focusing on prioritization, collaboration and establishing an operational rhythm, sets us apart in the cybersecurity industry.
As we await the possible release of a Forrester Wave™ VRM report, we are enthusiastic about the prospect of being included. In the meantime checkout a recent webinar, where Asurion broke down how they escaped the vulnerability hamster wheel with Brinqa.