With prolific security breaches such as SolarWinds dominating the news, organizations are daunted by the fear that they could be made infamous in the next major breach. Developing a mature and tightly connected security framework that reduces risk and improves security capabilities is more critical than ever. While 2020 was fraught with tragic social and economic outcomes, security teams have learned many lessons on resilience and have orchestrated many technical innovations to secure a distributed workforce. An expanded attack surface, the need to defend against sophisticated multi-stage and multi-vector attack campaigns, and a pressing need to improve operational efficiencies have reframed digital transformation priorities. One important element in addressing this challenge is having better automation tools that simplify remediation, provide an operational advantage, and improve security. But are these tools primed and ready to provide the CISO with quick time to value, a comprehensive risk remediation plan to present to the Board, and assurance that the organization will maintain a mature vulnerability and risk management program that averts increasing attacks? A fresh approach to breach and attack prevention is needed to shift defense paradigms towards proactive security.
At the April 8, 2021, ICIT panel discussion, subject matter experts discussed the gaps that COVID-19 uncovered in current vulnerability management programs and why the combination of trustworthy security policy management and closed-loop vulnerability remediation will become the new citadel for securing large and increasingly complex enterprise networks.