Wave Goodbye to the Old Way of Doing Vulnerability Management

by Brinqa Security Team


The Forrester Wave™: Vulnerability Risk Management, Q3 2023 is out, and we are honored to be named as a Strong Performer, with the highest scores possible in 7 different criteria.

Much has changed in the market since the last Wave in 2019. To quote author and Forrester senior analyst Erik Nost’s opening salvo in the report, the old approach of “slap a vulnerability scanner in their environment, find a bunch of problems, then point fingers when nothing got fixed…” is over — we could not agree more. It is time to get real about building proactive security programs.

So what does it mean to create a proactive security program? How do you operationalize a risk-based approach to Vulnerability Management in a world where scanning for and detecting vulnerabilities is commoditized? 

It starts with shifting focus from scanning to the adoption of the cyber risk lifecycle.

Brinqa customers have been embracing this new ethos for years, overcoming their seemingly impossible backlogs of vulnerabilities, identifying both business and technical owners of risk, and communicating risk in a manner that motivates their stakeholders to act.

Key Pillars for Operationalizing a Risk-based Approach

The Forrester report states that VRM customers should look for providers that:

  1. Provide strong visibility of assets
  2. Prioritize remediation efforts
  3. Complement remediation response

In the next few sections, we outline how Brinqa delivers on these key aspects of a Vulnerability Risk Management solution.

Provide strong visibility of assets

It all starts with the Brinqa Cyber Risk Graph. The Brinqa Cyber Risk Graph combines asset, business context, threat intelligence and vulnerability data into a live comprehensive view of the entire attack surface.  It provides customers the clarity to see the risks that exist across their organization, and to view them from a business perspective. Plus, it makes it easy to clearly understand who owns the assets that are at risk.  

In The Forrester Wave™: Vulnerability Risk Management, Q3 2023, Brinqa received the highest scores possible in all criteria related to asset visibility: ✅ business contextualization, ✅ asset criticality, and ✅ asset types – validating, in our opinion, the power of our Cyber Risk Graph.

Prioritize remediation efforts

In addition to unifying disparate security findings into the Cyber Risk Graph, Brinqa creates normalized risk scores. Further, Brinqa uses correlated business context and threat intelligence to adjust these risk scores to precisely identify the vulnerabilities that pose the biggest risk to the organization from the millions of vulnerabilities detected. 

This is all done with transparency, so security analysts and remediation owners have a clear understanding of why, for example, a medium severity CVSS score vulnerability is being elevated as a critical risk to their business (or vice versa).
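To make the prioritization and transparency point concrete, here is an added illustration (not Brinqa's own scoring logic): a CVSS base score is adjusted by hypothetical business-context and threat-intelligence factors, and every adjustment is recorded so the remediation owner can see why a medium finding ends up critical, or a critical one ends up low. The weights, field names and CVE identifiers are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    cve: str                    # identifier as reported by the scanner
    cvss: float                 # CVSS base score (0-10) from the scanner
    asset_criticality: str      # business context: "low", "medium" or "high"
    internet_exposed: bool      # asset context
    exploited_in_wild: bool     # threat intelligence signal
    compensating_control: bool  # e.g. the vulnerable service is firewalled off

# Hypothetical weights; a real program would tune these per organisation.
CRITICALITY_WEIGHT = {"low": 0.6, "medium": 1.0, "high": 1.5}

def cvss_severity(cvss):
    """CVSS v3 qualitative severity bands, as the scanner would label them."""
    if cvss >= 9.0: return "critical"
    if cvss >= 7.0: return "high"
    if cvss >= 4.0: return "medium"
    return "low"

def risk_level(score):
    """Map a 0-100 contextual score onto a remediation priority."""
    if score >= 80: return "critical"
    if score >= 60: return "high"
    if score >= 40: return "medium"
    return "low"

def contextual_risk(f):
    """Return (score, level, reasons); reasons is the audit trail shown to owners."""
    score = f.cvss * 10.0  # normalize CVSS onto the 0-100 scale used here
    reasons = [f"{f.cve}: CVSS {f.cvss} ({cvss_severity(f.cvss)}) -> base {score:.1f}"]
    adjustments = [
        (CRITICALITY_WEIGHT[f.asset_criticality], f"asset criticality {f.asset_criticality}"),
        (1.3 if f.internet_exposed else 1.0, "internet exposed"),
        (1.5 if f.exploited_in_wild else 1.0, "exploited in the wild"),
        (0.5 if f.compensating_control else 1.0, "compensating control present"),
    ]
    for factor, why in adjustments:
        if factor != 1.0:          # only record factors that actually changed the score
            score *= factor
            reasons.append(f"x{factor} {why} -> {score:.1f}")
    score = round(min(score, 100.0), 1)
    return score, risk_level(score), reasons

# Constructed sample findings with placeholder CVE ids (not real data)
medium_cvss_but_urgent = Finding("CVE-EXAMPLE-0001", 5.5, "high", True, True, False)
critical_cvss_but_contained = Finding("CVE-EXAMPLE-0002", 9.8, "low", False, False, True)

if __name__ == "__main__":
    for f in (medium_cvss_but_urgent, critical_cvss_but_contained):
        score, level, reasons = contextual_risk(f)
        print(level.upper(), score, *reasons, sep="\n  ")
```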

Brinqa received the highest score possible in the criterion of ✅ prioritization insights and customizations in The Forrester Wave™: Vulnerability Risk Management, Q3 2023.

Complement Remediation Response

The Brinqa Platform helps customers navigate complex business and remediation ownership structures, build automations to streamline the remediation ticketing process, and provides a highly configurable bi-directional integration with ITSM tools. Sitting between detection tools and ITSM tools, Brinqa is uniquely positioned to accurately track remediation progress, validate fixes when tickets are closed, and measure and communicate SLA compliance.

Brinqa natively allows customers to configure dynamic reports that neatly display actionable insights from throughout the cyber risk lifecycle and accommodate both executive and analyst level views.

What does all this ultimately deliver to Security teams? Trust.  Trust in Brinqa reports to show how different business owners are doing at remediating the risks they own.  Trust in the notifications and remediation instructions Brinqa automation delivers to engineers and developers. Trust between Security and the rest of the organization.

Now all this automation and reporting is great, but if it isn’t easy for Security Analysts to use, it really doesn’t matter.  That is why we are proud to receive the highest score possible in the criterion of ✅ analyst experience in The Forrester Wave™: Vulnerability Risk Management, Q3 2023.

What’s Next for Vulnerability Risk Management

There has always been a lot of talk about cybersecurity becoming more proactive, yet so much of the culture of our industry thrives on the rush of detect and respond. No one ever does a tabletop exercise about finding a vulnerability, prioritizing it and then patching it. There's no all hands on deck. No save-the-day rush to proactive security. Yet it is clearly critical to maturing the cybersecurity function in an organization.

We believe it is time for the Vulnerability Management discipline to evolve into a Risk Operations Center: a proactive security approach that combines operational rigor, comprehensive management of vulnerabilities and security policies across the entire attack surface, and business level communications about risk. It also serves to elevate proactive security to be on par with the detection and response strategies represented by the SOC.

“[Brinqa] envisions VRM teams evolving into risk operations centers (ROCs) that operationalize proactive activities to respond to events around decreases in posture…”

The Forrester Wave™: Vulnerability Risk Management, Q3 2023

The Risk Operations Center is Brinqa’s vision for a new approach to managing exposures pre-attack. It is this vision that received the highest possible ✅ vision criterion score in The Forrester Wave™: Vulnerability Risk Management, Q3 2023.

If you’d like to see for yourself why Forrester selected us as a Strong Performer with the highest possible scores in 7 criteria, schedule a demo to see Brinqa in action.
