“You get what you pay for.” “If it sounds too good to be true, it probably is.” Buy cheap, buy twice.” Just some of the many sayings which argue that the only way to receive high quality items or service, is to pay accordingly for them. While this can certainly be the case for clothing, food, cars, electronics etc, we argue that you can get best in class support cheaply or even free for areas as important as cybersecurity. Yes, it is possible to get free vulnerability management technology. Let’s look at how it works.
The world of vulnerability scanning is evolving rapidly and platforms now exist which monitor your systems 24/7, rather than running a quick scan every week or month. With constant scanning, this means they can alert you to vulnerabilities in the instant they appear so that you can tackle them before they become a real problem to your business. Of course, platforms like this will set you back at least a few hundred pounds a month depending on the size of your business.
If you’re happy to opt for a less frequent option, OpenVAS is a free, open-source tool and includes over 50,000 vulnerability tests. It is highly rated for helping users detect a wide range of vulnerabilities in network services, operating systems, and web servers.
Scanners can identify tens if not hundreds of new vulnerabilities affecting your business each time and with remediation teams stretched to their limits, the need to prioritise the scan results has grown more and more important.
Manual triage may seem like the free option here but it’s actually costing your team quite a bit. Not only that, but it often requires a dependency on CVSS – another prioritisation method we do not recommend.
The alternative is to automate the process.
There are a host of vulnerability prioritisation platforms to choose from, but many are too expensive for small to medium businesses. Not only that, but they use secret algorithms to carry out their work. While this enables them to scale, it takes away any transparency in the process, and control you have over a risk-based vulnerability management process. How can you be confident you’re running the best vulnerability management programme when you can’t be certain you’re remediating the most critical issues?
Fortunately, there is free vulnerability prioritisation technology which keeps you in control because it follows rules that you set. RankedRight Essential works with all the leading scanners, ingesting their data, prioritising it and then delegating vulnerabilities to the most appropriate teams to resolve. A massive headache taken from your team at no cost whatsoever.
Of course, the prioritisation rules only work if the person setting them knows what they’re doing. With the cybersecurity industry facing a major skills shortage, the pressure is on CISOs and CIOs to ensure they have a hard-working, committed and highly skilled team in place.
Training can be a great solution not only to fill gaps in knowledge or expertise but also to reward teams for their hard work. But is there such a thing as free vulnerability management training?
The short answer is not officially. To achieve accreditations and qualifications, you need to pay for an education board’s tutors, exams and course materials. It is possible to squeeze in some vulnerability management training on a free trial on LinkedIn’s learning platform but if you’re after in-depth training, it’s going to be down to you.
It is possible to create a robust training program yourself by undertaking the following:
In addition, why not speak to HR to see if they have any training subscriptions with unused credits that your team can use. It may even be the case that their department can fund your training instead.
If there is one thing that the web is not short of – it’s content. There are over 40 media titles online dedicated to cybersecurity, working hard to keep their finger on the pulse of new threats and solutions. Therefore, if you can assign a few publications to each member of your team to scan each morning, you’ll end up with a rich bank of knowledge that didn’t cost you a thing.
In addition, you can benefit from the most up-to-date vulnerability intelligence for free too. RankedRight enriches every customer’s scan data with this intelligence to help enhance the prioritisation process.
Yes this is actually possible! And no it doesn’t involve any free trials that’s expire after a day or two.
By using RankedRight Essential for your prioritisation, you will uncover more resource for effective remediation and it won’t cost you anything. Let us explain…
Manual vulnerability triage can take teams as much as a day a week to carry out. This means that remediation teams effectively lose this time either waiting for the prioritisation process to be completed or by going ahead and remediating vulnerabilities in any order they see fit.
By automating the process for free with RankedRight Essential, you remove that day of waste, and your remediation team gain that time back to spend on tackling the most critical vulnerabilities. Voila – better remediation results in a risk-based vulnerability management program at no additional cost.
There we have it, free vulnerability management and there’s no time limit. We hope this helps you and if you’d like to learn more about RankedRight Essential, book a demo today.