To a cyber criminal, vulnerabilities on a network are hidden, high-value assets. Their targeted exploitation may result in unauthorized entry into a network, which can expose confidential information, provide fuel for stolen identities, cause theft of business secrets, violate privacy provisions of laws and regulations, or paralyze business operations. New vulnerabilities appear every day due to flaws in software, faulty configuration of applications and infrastructure, and human error. Whatever their source, vulnerabilities do not go away by themselves. Their detection, removal and control require vulnerability management (VM) - the calibrated, continuous use of software tools and workflow that proactively purges exploitable risks.

This guide describes the need for VM. It introduces the sources of vulnerabilities and their related fallout, then relates why the nature of modern threats to the network requires automated technology to counter sophisticated exploits. The guide defines elements of VM and how it controls the detection and remediation process. As an important byproduct, VM can also document compliance with security provisions mandated by legislation, industry and business policy. VM can be implemented for networks of all sizes with cost-effective technology that automates much of what used to be a complex, manual process. The assurance of security provided by VM prevents fallout from malicious exploits and preserves continuity of business operations.