Checklist for Selecting a Vulnerability Management Solution

In 2022, Vulnerability Management solutions have advanced by leaps and bounds, becoming more robust and complete. The Global 3000 Enterprise now has the luxury of expecting a solution to meet a very high bar. But does the Enterprise know what it wants?

Balancing scalability and accuracy in a vulnerability management solution has been top of mind for Enterprises for some time now (as it should be). Solving for both, though, should not come at the expense of other requirements. We have put together a checklist of eight important requirements that might benefit your evaluation of Vulnerability Management Solutions in 2022.

  1. Time Zones – Global means global. Make sure your service follows the sun. Bonus Checklist Item – make sure that your supplier does not achieve this through partnered or sub-contracted relationships that could affect operational efficiency. It should be 100% in-house. Service quality consistency can suffer when your supplier attempts to cobble together third parties to meet your time zone requirements.
  2. Disaster Management – Your provider should be able to demonstrate resilient zones across geographic areas and offer a two-to-three second return to service after any failure.
  3. Performance – The platform interface simply should not demonstrate any meaningful lag for human operations. Page performance should stay under 3 seconds even under heavy load.
  4. Contextualized Alerts – Your selected solution should provide custom alerts that can be contextualized for your needs within your country, industry, and company.
  5. Integration with Enterprise Support Systems – Your solution should be able to take ranked alerts and automatically communicate them in a format your operational support teams already leverage (IT Service Management System, IM, tickets, email, etc.).
  6. Prioritization of Assets – The system should be pre-built to allow asset types to be prioritized against what matters the most for each client’s business. Your critical items and not-so-critical items must be categorized accordingly.
  7. Modular Platform – The solution needs to be adaptable to accommodate clients who only need a subset of the services on offer or want to scale to the full platform over time. Your provider must demonstrate value against your immediate departmental needs (API, Network, Web Apps, Attack Surface Management, Pen Testing, etc.) and demonstrate long-term capacity to scale.
  8. Client Self-Service – Ideally, clients themselves should be able to configure which alert types (network, web apps, API, etc.) and which locations (North American server, European database, etc.) generate alerts. Ultimately this is your tool, and you need the ability to steer it strategically yourself.

If you would like to learn more about the steps the Edgescan engineering and security team took to create the ideal Vulnerability Management War Room, download our whitepaper from the link below.