5 Steps to Building a Vulnerability Management Program Pt. 3

As we reach the end of October and the end of Cyber Security Awareness Month, we are also ending our current series on building a vulnerability management program. We've given you five easy steps to follow to build or improve your vulnerability management program. Just because this month is only recognized once a year doesn't mean you should lose sight of its importance. If you are ready to get started building your security posture, let us know how we can help. 

Step 5: Monitoring

Like most cycles, vulnerability management is a “rinse and repeat” process. Once you have patched the top five biggest vulnerabilities in your network, there are going to be five more after that. More and more vulnerabilities are introduced every day which is why we put so much focus on Microsoft’s Patch Tuesday among other announcements across our industries. Vulnerability scanning and penetration testing may only be required once annually, but in order to mitigate real risk in your network, you should be doing these often. 

Another way to monitor your network is through monitoring your devices for threats. While a vulnerability scanner will show you what vulnerabilities exist in your network at any point in time, a threat detection solution will actually consider the real-time traffic of any device connected to your network and will alert you when any one of those devices becomes compromised, such as communicating with a bad actor so that you can work on shutting it down before it can become a breach and exfiltrate email or cause other damage. Network threat detection and vulnerability management should work hand in hand in order to monitor and protect your devices and applications on your network.


As I stated previously, two of the biggest cyber-security stories of the past year have been related to an unpatched vulnerability. If those organizations didn’t already have a vulnerability management program, I bet they do now. This is not a threat that is going to go away and bad actors will continue to use these vulnerabilities as a how-to guide in order to breach your network. Make sure you have a vulnerability management program in place to help you set smart goals, prioritize your work, apply the right patches, test to make sure they are working and then continuously monitor your network for any signs of communicating with a bad actor.