Risks that threaten the security and availability of networks and applications range from newfound software and operating system vulnerabilities-- announced at a rate of 155 a week in 2006-- to misconfigurations and errors that easily creep into server, firewall, and end-point settings. Rapid changes within technology, new server and software deployments, and the evolving sophistication of attack methods used to infiltrate systems and steal data create the greatest set of challenges faced by security and IT administrators trying to keep their systems secure and within regulatory compliance.
That's why-- whether protecting five servers or 5,000-- measuring the security
status of your infrastructure and your organization's ability to rapidly mitigate emerging threats needs to be continuously monitored and measured.
It's impossible to secure what isn't measured. Without an accurate depiction
of your network, the ability to identify real-world security threats and evaluate your organization's ability to respond, there's no way to improve, let alone understand, the true security posture of your infrastructure. More and more, companies seeking to better manage complex threats and increased regulatory demands are enhancing their security efforts by establishing effective and sustainable vulnerability and risk management programs that quantify their security progress to maintain the confidentiality, integrity, and availability of business data and networks.