Featured Article from Software Licensing

Comprehensive Approach Required for Software Vulnerability Management

March 03, 2017



Software vulnerability management remains a major pain point for most businesses, even as the number of breaches and exploits is on the rise. Companies struggle with maintaining the proper tools to tackle vulnerability management as well as with company-wide coordination and agreement on security priorities.

A recent webinar from Flexera Software, a company that specializes in software licensing and vulnerability management, discusses some of the challenges companies face when attempting to set up best practices for vulnerability and patch management. The company also offers some valuable suggestions about comprehensive approaches to security that ensure software vulnerabilities are properly addressed.

According to Gartner’s report, “Threat and Vulnerability Management Primer for 2017,” businesses find the coordination and orchestration of vulnerability remediation efforts to be a point of operational failure, an alarming prospect. In order for vulnerability management to succeed, organizations need coordination between IT security and IT operations teams for processes like patch management and configuration hardening.

Patch management is another weak point for many companies, creating significant risks. Failure to stay on top of patches occurs mainly because businesses simply don’t have the resources to patch all their applications and many don’t prioritize patches. In many instances, performance metrics for patch management don’t include security measures like risk reduction, and many companies don’t maintain the proper tools to support the prioritization of security patches.

Flexera recommends a three-tiered approach to security, with the foundation layer consisting of privilege control, segregation of duties, security training, patch management and vulnerability assessment. The hardening layer includes penetration testing, configuration hardening and SIEM, while an advanced layer can include network forensics, network behavior analysis and advanced threat detection.

“The increasing volume (of patches and upgrades) is a main driver for organizations automating their vulnerability management through the use of security intelligence and management platforms that help manage the volume of system and software inventory, vulnerability and threat management,” wrote Cisco Systems in the company’s 2016 Annual Security Report.

The bottom line is that businesses need to take a comprehensive, company-wide approach to security, with executives and managers educated and on board with security strategies and priorities. With the proper planning and tools, companies can stay on top of threat and patch management and mitigate the damage and losses that can result from software vulnerabilities.




Edited by Maurice Nagle