Why Continuous Vulnerability Assessment is Essential (Bank Info Security)


A continuous vulnerability assessment program should be baseline security requirement for all organizations, says Richard Bussiere, principal architect, APAC, at Tenable Network Security.

“In order to understand how secure you are and get a comprehensive visualization, you need to have the ability to measure that, for which you need a lot of data – you need the vulnerability data from the endpoint, you need network data and you need event data,” he says in an exclusive interview with Information Security Media Group.

Using this data to support a continuous vulnerability assessment program helps organizations to understand which areas of their environment expose them to the most risk, and which of these risks they need to mitigate first, he says. “Effectively eliminating or mitigating vulnerabilities from the environment means that most exploits simply don’t work against the targeted machine – if you are diligent about it, you are going to do an awful lot to reduce the threat surface,” Bussiere says.