Vulnerability management embraces new functions

Vulnerability management (VM) solution providers have always held their own in the global network security domain. VM technologies scan network endpoints such as desktops and mobile devices against a library of known bad binaries and configuration errors to reduce the attack surface.

As contemporary cyber defense infrastructure evolves into a multi-layered network, VM vendors are broadening their horizons to offer a plethora of technologies as value-added services.

New analysis from Frost & Sullivan finds that the market earned revenues of $605.3 million in 2014 and estimates this to reach $1.1 billion by 2019.

“The paradigm of VM scanning is changing as continuous monitoring takes precedence over regularly scheduled scans,” said Frost & Sullivan Network Security Industry Analyst Christopher Kissel. “While VM remains important in the eyes of network security teams, potential customers expect a level of cyber security defense that VM alone cannot provide.”

Moreover, VM vendors are competing with several endpoint security platforms for static network defense dollars. VM suppliers can enhance the value of their software engagements by adding endpoint posture assessment, network mapping, compliance auditing and reporting, as well as endpoint knowledge to their portfolio.

To keep up with the dynamic demand for functionality, VM vendors are also actively looking to offer a complete threat mitigation environment outside of the endpoint assessment domain. Many providers are including log management in their platforms. Some deliver a combination of credentialed and non-credentialed scans that monitor user credentials for changes or escalations in privileges.

“Threat prioritization is fast becoming a sought-after feature in enterprises since the ability to identify and remediate a serious threat at the earliest lowers the likelihood of an advanced persistent threat,” noted Kissel. “The depth of analytical capabilities will be another differentiator for participants in the VM space.”

In this particularly vibrant time for the global market, VM solution providers that can tangibly prove low false positives and reliably align solutions to risk mitigation will emerge as market leaders.