What's Your Cyber Defender Style?
There are four common vulnerability assessment strategies in use today. Take our brief, seven-question quiz to see how your practices compare, and what they say about your overall cyber maturity.
How would you rate your vulnerability assessment maturity?
1 (least mature)
2
3
4
5 (most mature)
How frequently does your organization run scans?
SCAN FREQUENCY (i.e. how frequently do you run scans?)
Monthly
Weekly
Many times per week
Every 1-2 days
How many different scans do you launch on a typical scan day?
SCAN INTENSITY
1 scan
1-6 unique scans
More than 6 unique scans
What proportion of your assets are you scanning?
ASSET COVERAGE
Only a small proportion of our total assets (Less than 30%)
Mainstream assets such as workstations and servers (30%-70%)
Most assets in our environment (more than 70%)
What proportion of your assets do you scan with agents or authenticated scanning?
AUTHENTICATION
Only a small selection of critical assets
Only mainstream technologies such as Microsoft Windows and Linux
Most assets that support authenticated scanning
Do you...
VULNERABILITY COVERAGE
Use one of the basic out-of-the-box scan templates to conduct all your scans
Use various out-of-the-box scan templates based on use case or need
Use customized and tailored scan templates for specific use cases
Use one comprehensive scan template containing all vulnerability detections for all assets
What kind of company do you work for?
Hospitality
Transportation
Telecommunications
Electronics
Banking
Retail
Other
Consulting
Finance
Manufacturing
Entertainment
Technology
Insurance
Not For Profit
Government
Education
Healthcare
Engineering
Utilities
Employee numbers:
<250
<1,000
<5,000
≥5,000
Your cyber defender style is...
Diligent Style
Investigative Style
Surveying Style
Minimalist Style
Low Maturity: The “Minimalist” Style
The Minimalist executes bare minimum vulnerability assessments as required by compliance mandates.
DESCRIPTION
Scan frequency: Scans every week, every month or longer
Scan intensity: Executes a single scan at a time
Authentication: Little
Coverage: Partial asset coverage
Usage: Leverages a single, comprehensive scan template
RECOMMENDATION
Reduce the number of days between regular assessments.
Extend asset coverage to exposed and critical asset groups and business units.
Leverage credentials or agents for authenticated scanning to gain a deeper and more reliable view of an asset’s vulnerabilities.
Begin leveraging distributed scanning to load balance assessments across multiple scanners and reduce scan duration.
Low to Medium Maturity: The “Surveying” Style
The Surveyor conducts frequent broad-scope vulnerability assessments, but focuses primarily on remote vulnerabilities.
DESCRIPTION
Scan frequency: Scans every three days or less
Coverage: High asset coverage
RECOMMENDATION
Expand the use of credentials and agents for authenticated scanning for a deeper and more reliable view of an asset's vulnerabilities.
Leverage customized scan templates focusing on specific technology families and for specific use cases, such as exploitable vulnerabilities.
Medium to High Maturity: The “Investigative” Style
The Investigator executes vulnerability assessments with a high maturity, but only assesses selective assets.
DESCRIPTION
Scan frequency: Scans weekly or less
Scan intensity: Executes distributed or use case–specific scans
Authentication: Every scan
Usage: Leverages a variety of streamlined, targeted scan templates
RECOMMENDATION
Extend asset coverage to the broader organization, not just select assets.
Increase the scan frequency to minimize the time it takes to become aware of, and respond to, critical vulnerabilities.
Expand the usage of customized scan templates focusing on specific technology families and for specific use cases (for example, for exploitable vulnerabilities).
High Maturity: The “Diligent” Style
The Diligent conducts comprehensive vulnerability assessments, tailoring scans as required by use case, but only authenticates selectively.
DESCRIPTION
Scan frequency: Scans every 3 days or less
Scan intensity: Executes many segmented or differentiated scans
Authentication: Selectively
Usage: Leverages distinct scan templates for different use cases
RECOMMENDATION
Expand authenticated scanning (credentialed or agent-based) beyond select assets and technologies.
Begin including non-traditional technologies in the scope of your vulnerability management program, such as web, cloud, virtual and mobile assets.