Risk Assessment and Prioritization is a Triage Process
- To use vulnerability scans effectively in a risk-management strategy, you need to be able to triage and analyze risk, and no tool available today can do that effectively on its own. It requires systems and people.
- New AI systems based on machine learning that are capable of processing vast amounts of data may be the future of cyber risk management.
“You will need a cross-functional set of people in order to understand the context of the potential risks you’re looking at.”
One of the challenges that comes with rolling out vulnerability detection and management technologies is interpreting and acting on the insights they provide. “Having a set of results is great,” says Pieter VanIperen, security architect and a specialist in code security. “But you’re going to have a lot of false positives, especially on a first scan. If you’re doing an internal scan, you’re going to have systems that aren’t even accessible to the outside world that are getting flagged.”