This is the first year that Brinqa has participated in the Forrester Wave™: Vulnerability Risk Management study, and we are extremely happy to be recognized as Forrester reshapes the traditional vulnerability scanning market to better reflect modern vulnerability risk management! Some thoughts from our participation in this process…
An ecosystem approach to Vulnerability Management
According to Forrester, “vendors with improved prioritization and reporting are pushing the market forward”; however, coming from a traditional network vulnerability scanning background still appears to be critical to achieving ‘leader’ status. Brinqa customers have invested in the best scanning solutions (often more than one) for their environment, and they like the results, so we partner with these vendors – who have perfected their capabilities over 15+ years. This is particularly relevant when we consider that the scope of modern VRM programs has expanded to include applications (SAST, DAST, SCA), cloud, configurations, and containers.
The best vulnerability management results across the extended scope are realized by leveraging an ecosystem of tools and vendors, each addressing a specific part of the process in the best way possible. Brinqa Vulnerability Risk Service integrates with 150+ security, asset, and threat intelligence sources enabling customers to get more out of their entire security environment without having to start over with one more disconnected solution.
Remediation is key
If you haven’t read the report, Forrester’s four-stage process for Vulnerability Risk Management remains the same and is spot on:
1) Asset management
2) Vulnerability enumeration
Each stage is critical to building a risk-aware vulnerability management program, and in combination they eliminate the biggest threats to your business faster. By transforming all vulnerability, asset, and threat data into knowledge-driven insights, organizations realize better prioritization, remediation, and ultimately mitigation of risks. This year, remediation was dropped from Forrester’s scoring criteria, and we would argue that it should have been included. Risk-aware remediation is the key to shifting to proactive and automated management of cyber risk, aligning information security processes with the organizational goal of building and growing a business.
Risk-aware remediation increases productivity by automating the proactive management of cyber risk, and is absolutely essential for scale!
Cyber risk is unique
Forrester’s focus this year was prioritization, and they were very clear on asset criticality, vulnerability severity and network exposure being the critical underpinnings. We agree, and find that our customers generally start with this subset of security data and leverage our out-of-the-box (OOB) risk model to prioritize vulnerabilities for remediation. However, they very quickly want to bring in more security data from the plethora of solutions (certificate management, endpoint protection, patch management, SIEM, etc.) that they’ve invested in, to add more nuance to risk analysis.
The resulting adjusted risk model truly informs their unique risk posture. It’s impossible to effectively prioritize risk without the right underlying components and a complete risk model that connects everything to establish a common risk language.
Scoring 13 vendors based on a common set of criteria is tough. Some vendors excel at scanning, some focus on prioritizing and remediating cyber risk while leaving the scanning to others, and some vendors specialize in specific infrastructure monitoring areas such as digital footprinting. Hats off and a big thank you to Forrester for helping organizations navigate through the process of making their vulnerability management processes risk-aware!
Learn more about how Brinqa addresses the capabilities outlined in the 2019 Forrester VRM Wave™.
Access the full 2019 Forrester Wave™: Vulnerability Risk Management report here.