Gartner publishes its Market Guide for Vulnerability Assessment: technology and market trends, typical use cases, and 40 major global vendors and their product offerings. Vulnerability management is a critical security operations activity that helps organizations identify assets, mitigate threats and meet compliance requirements. Security and risk management leaders can use this guide to understand vulnerability assessment (VA) technology as part of a broader risk management program.
Gartner, Inc. | G00755176
Page 1 of 17
Market Guide for Vulnerability Assessment
Published 7 August 2023 - ID G00755176 - 23 min read
By Analyst(s): Mitchell Schneider, Craig Lawson, Jonathan Nunez
Initiatives: Security Operations
Vulnerability management remains a critical security operations
activity that helps organizations identify assets, mitigate threats
and meet compliance mandates. Security and risk management
leaders can use this guide to understand VA technologies as part
of a broader exposure management program.
Overview

Key Findings
■ Vulnerability assessment (VA) technology buyers have evolved from tools that only identified vulnerabilities to tools that also proactively assess, manage and report the risks posed by those weaknesses.
■ The majority of leading VA vendors have added external attack surface management (EASM) capabilities, either organically or through acquisition.
■ The dominance of point solutions for vulnerability prioritization persists, and in many cases they provide better functionality than what is built into existing VA solutions.
■ VA vendors face increasing competition from cybersecurity validation products, such as breach and attack simulation and automated penetration testing. Enterprise VA vendors are also integrating VA with these validation approaches.

Recommendations
Security and risk management leaders responsible for security operations who are selecting and operating VA solutions must:
■ Evaluate VA solutions' capabilities for assessment coverage and depth, and their support for stand-alone product integrations that fill gaps across the vulnerability life cycle and assist in remediation automation.
■ Leverage vulnerability prioritization technology (VPT) solutions to aid in implementing a risk-based vulnerability management (RBVM) approach. A tool's ability to bring the results onto a consolidated platform for prioritization and treatment (e.g., patching and other compensating measures) is also important for operational efficiency.
■ Combine active network scanning with agent-based scanning as the primary deployment method, and use passive and API-based scanning to augment them, giving real-time visibility and improved asset coverage. This is the deployment model most organizations are moving toward, with the exception of OT use cases.
■ Identify vendors offering a combined solution if your organization is resource-constrained or wants to consolidate vendors. More VA vendors are adding prioritization, attack surface management and attack path mapping capabilities to their products, either as complementary features or through an add-on module.

Market Definition
VA solutions identify, categorize and prioritize vulnerabilities, and orchestrate their remediation or mitigation. Their primary focus is vulnerability and security configuration assessment for enterprise risk identification and reduction, and reporting against various compliance standards (see Note 1). VA can be delivered as on-premises, hosted and cloud-based solutions, and it may use appliances and agents.

Core capabilities include:
■ Discovery, identification and reporting of device, OS and software vulnerabilities, and of configuration against security-related criteria
■ Establishing a baseline for systems, applications and databases in order to identify and track changes in state
■ Reporting options for compliance, control frameworks and multiple roles
■ Pragmatic remediation prioritization, with the ability to correlate vulnerability severity, asset context and threat context into a better picture of the true risk in your specific environment

Standard capabilities include:
■ Guidance for remediating and for configuring compensating controls
■ Management of scanner instances, agents and gateways
■ Direct integration with, or API access to, asset management tools, workflow management tools and patch management tools

Market Description
VA technology typically supports security operations, network asset and system visibility, and compliance use cases. Security use cases include vulnerability and security configuration assessment for enterprise risk identification, reduction and reporting against various compliance standards. Compliance use cases are still a strong driver and include meeting the scanning requirements of regulatory or other compliance regimes, such as the Payment Card Industry Data Security Standard (PCI DSS) or the National Institute of Standards and Technology (NIST) frameworks. These requirements can also include application assessment of the infrastructure in scope of the compliance standard.

VA can be delivered as an on-premises solution based on software, appliances or agents, from the cloud, as a hosted solution, or as a hybrid of these options. It is also widely available from managed security service providers (MSSPs), some managed detection and response (MDR) providers, consultants and outsourcers, and it is offered by some endpoint protection platform (EPP)/endpoint detection and response (EDR) vendors.

Adjacent to VA, VPT combines VA telemetry, asset criticality context, environment context and multiple preintegrated threat intelligence sources, and applies advanced analytics to augment the vulnerability data. This combination gives organizations a fundamentally different view of their specific cyber risks. VPT saves significant time compared with performing this analysis manually, and it provides better insight and context: acting on the prioritized results substantially reduces an organization's attack surface in the least time and with the most efficient use of staff resources.

Prioritization, though only one stage in RBVM, is of prime importance for effective risk and threat reduction. In essence, it directly aids in reducing your organization's attack surface (see Innovation Insight for Attack Surface Management). The leading disruptors in prioritization capability remain the pure-play VPT vendors. That said, prioritization also exists as a feature in all the major VA vendor offerings, either natively or as an add-on capability.
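The prioritization the guide describes, correlating scanner severity with asset context and threat context rather than sorting by CVSS alone, as an added worked example. This is not code from the Gartner guide or from any vendor's VPT product: the factors, multipliers, SLA windows, and the sample assets and findings (VULN-A to VULN-D, payment-api, dev-sandbox-17, hr-db) are constructed assumptions chosen to show why a risk-based ordering differs from a CVSS-only one.

```python
"""Illustrative risk-based vulnerability prioritization (RBVM).

Added example for this page; every factor, weight and SLA window below is an
assumption chosen for illustration, not Gartner's model or a vendor's algorithm.
"""
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int                      # 1 (disposable) .. 5 (business-critical), from the asset inventory
    internet_facing: bool                 # environment context, e.g. from EASM or network mapping
    controls: FrozenSet[str] = frozenset()  # compensating controls already in place


@dataclass(frozen=True)
class Finding:
    vuln_id: str                          # placeholder identifier, not a real CVE
    asset: Asset
    cvss: float                           # CVSS base score 0.0..10.0 as reported by the scanner
    exploited_in_wild: bool = False       # threat intel: active exploitation observed
    public_exploit: bool = False          # threat intel: working exploit code is public


# Assumed multipliers; a real VPT derives these from its own analytics.
CONTROL_REDUCTION = {"waf": 0.6, "segmented": 0.5, "mfa": 0.7}
MAX_RAW = 10.0 * 5 * 3.0 * 1.5            # worst case of every factor, used to scale to 0..100


def threat_factor(f: Finding) -> float:
    """Threat context: confirmed exploitation outweighs a public exploit, which outweighs neither."""
    if f.exploited_in_wild:
        return 3.0
    if f.public_exploit:
        return 2.0
    return 1.0


def exposure_factor(a: Asset) -> float:
    """Environment context: reachable from the internet weighs more than internal-only."""
    return 1.5 if a.internet_facing else 1.0


def control_factor(a: Asset) -> float:
    """Compensating controls reduce the score but never zero it out."""
    factor = 1.0
    for c in a.controls:
        factor *= CONTROL_REDUCTION.get(c, 1.0)
    return factor


def risk_score(f: Finding) -> float:
    """Correlate severity (CVSS), asset context and threat context into a 0..100 score."""
    raw = (f.cvss * f.asset.criticality * threat_factor(f)
           * exposure_factor(f.asset) * control_factor(f.asset))
    return round(min(100.0, raw / MAX_RAW * 100.0), 1)


def remediation_window_days(score: float) -> int:
    """Assumed SLA buckets: the treatment deadline follows the risk score, not the raw CVSS."""
    if score >= 70:
        return 7
    if score >= 40:
        return 30
    if score >= 15:
        return 90
    return 180


def prioritize(findings: List[Finding]) -> List[Finding]:
    return sorted(findings, key=risk_score, reverse=True)


def cvss_only(findings: List[Finding]) -> List[Finding]:
    """The naive ordering a scanner report gives you, for comparison."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def ranked_ids(findings: List[Finding]) -> List[str]:
    return [f.vuln_id for f in prioritize(findings)]


# Constructed sample inventory and findings (not real hosts or CVEs).
PAYMENT_API = Asset("payment-api", criticality=5, internet_facing=True)
PAYMENT_API_WAF = Asset("payment-api-eu", criticality=5, internet_facing=True, controls=frozenset({"waf"}))
DEV_BOX = Asset("dev-sandbox-17", criticality=1, internet_facing=False)
HR_DB = Asset("hr-db", criticality=4, internet_facing=False)

SAMPLE_FINDINGS = [
    Finding("VULN-A", DEV_BOX, cvss=9.8),                              # critical CVSS, nobody cares about the box
    Finding("VULN-B", PAYMENT_API, cvss=7.5, exploited_in_wild=True),  # high CVSS, crown jewel, being exploited
    Finding("VULN-C", PAYMENT_API_WAF, cvss=7.5, exploited_in_wild=True),  # same issue, but behind a WAF
    Finding("VULN-D", HR_DB, cvss=5.3, public_exploit=True),           # medium CVSS, internal, exploit public
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        s = risk_score(f)
        print(f"{f.vuln_id:7} cvss={f.cvss:<4} asset={f.asset.name:<15} "
              f"score={s:5.1f} fix within {remediation_window_days(s)}d")
    print("CVSS-only order:", [f.vuln_id for f in cvss_only(SAMPLE_FINDINGS)])
```

Running it prints both orderings: the CVSS 9.8 on the isolated sandbox drops to the bottom with a 180-day window, the actively exploited CVSS 7.5 on the internet-facing payment asset rises to the top with a 7-day window, and the same issue behind a WAF keeps a lower score while still outranking the internal HR database finding. That reordering is the "fundamentally different view" the guide attributes to VPT; what a product adds over this sketch is the preintegrated threat feeds and asset data that fill in the factors automatically.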
This research note is restricted to the personal use of [email protected].