Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit traffic. Furthermore, malware, ransomware and exploit kits target vulnerabilities that are six months or older on average.
For many companies, vulnerability management amounts to a game of whack-a-mole. Vulnerability research, assessment and testing are conducted manually and with technological approaches that have not matured over the course of a decade. This inadequacy results in inefficient strategies and security assessments that lack the breadth of scope to reliably simulate what attackers are likely to do when targeting an organization. Even companies that have mature vulnerability assessment programs may struggle when it comes to analyzing the potential risk and impact and managing remediation.