Every IT security professional knows that the battle to protect IT resources and data is fully engaged. In its 2012 Data Breach Investigations Report, Verizon registered 174 million compromised records for 2011, compared with 4 million compromised records reported in the 2010 findings. This suggests that cybercriminals - responsible in 98% of the cases - continued to automate and refine their attack methods.
The ongoing struggle to prevent hackers from breaching assets and malware from gaining a foothold requires a vulnerability management strategy that begins with a comprehensive measurement of security risk. Organizations must examine the entire IT stack, including the operating system, network, applications, and databases. The cycle of discovering assets, capturing and processing vulnerability data, identifying actual risks, testing and prioritizing mitigation tasks, and verifying effective controls grows more complex with every new technology that adds convenience but multiplies risk of a breach or incident. These new technologies include dynamic, virtualized environments and services outside traditional physical IT infrastructures, such as virtualized, cloud-based services and social networking.