
How Managed Risk Best Addresses the Three Pillars of Cybersecurity

Comparing and contrasting the effectiveness of Vulnerability Assessment (VA), Vulnerability Management (VM), Risk-Based Vulnerability Management (RBVM), and Managed Risk®.

Performing a vulnerability assessment (VA), implementing a vulnerability management (VM) program, and upgrading your proactive security program with a risk-based vulnerability management (RBVM) approach may help your organisation effectively deal with cybersecurity vulnerabilities.

However, it is vital to understand the difference between them—what they do well, what they don’t do well, and what they simply cannot do.

A simple tool for evaluation is to judge them by the three pillars of cybersecurity: people, process, and technology. For an organisation to have truly effective cybersecurity, the tools and solutions it employs must address each of these three pillars.

So how do they stack up?

Vulnerability Assessment

Vulnerability assessment is the process of identifying, classifying, and prioritising vulnerabilities in business systems. Assessments can focus on internal, external, or host-based vulnerabilities. A vulnerability assessment has a specific start and end date.

How does it address the three pillars? Since it has a start and end date, it is not really considered a process; the technology component is premature most of the time; and it does not really address the people component. So ... not very well.

Vulnerability Management

Vulnerability management is a continuous process and set of solutions that identify, track, and prioritise internal and external cybersecurity vulnerabilities, optimising cyberattack prevention activities such as patches, upgrades, and configuration fixes. It relies upon the Common Vulnerability Scoring System (CVSS).

Even though it is a great starting point for a proactive cybersecurity program, it comes up short with regard to the three pillars, not adequately addressing the human component, business impact, threat intelligence, asset context, and risk context points of view.

Risk-Based Vulnerability Management

Risk-based vulnerability management (RBVM)—also known as threat and vulnerability management or enterprise risk management—is a process that reduces vulnerabilities across your attack surface by prioritising remediation based on the risks they pose to your organisation. RBVM goes beyond just discovering vulnerabilities. It helps you understand vulnerability risks with a threat context and insight into potential business impact. Also, it correlates asset criticality, vulnerability severity, and threat actor activity.

RBVM does an excellent job addressing the process and technology pillars of cybersecurity. However, it does not consider the people pillar at all. This is why making this tool operational can be such a challenge.

You may be asking (and rightly so), if none of these three tools adequately promotes strong cybersecurity, then what’s an organisation to do?

The solution lies in managing your cyber risk with a solution that enables you to discover, benchmark, and harden your environment against digital risks across your networks, endpoints, and cloud environments.

Arctic Wolf Managed Risk

Built on the industry’s only cloud-native platform to deliver security operations as a concierge service, Arctic Wolf Managed Risk enables you to continuously scan your networks, endpoints, and cloud environments to quantify digital risks.

Arctic Wolf is uniquely effective at Managed Risk because our 24x7 Concierge Security® Team takes a holistic approach to digital risk. We start with the basic task of discovering risks in your software, assets, and accounts. Then we find risk in those items by both looking for vulnerabilities and benchmarking against configuration best practices. Once we have that perspective, we advise you on how to prioritise your remediation actions to ensure that you are continually hardening your security posture.

Arctic Wolf Managed Risk is more effective than VA, VM, and RBVM at addressing the three pillars of cybersecurity. And it doesn’t add another acronym to the cybersecurity industry—which is a bonus! 

About the Author

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.
