Gartner Research

How to Implement Enterprise Vulnerability Assessment

Published: 17 November 2015

ID: G00281949

Analyst(s): Anton Chuvakin, Augusto Barros


Vulnerability assessment tools play a critical role in enterprisewide cyberdefense. These tools are expanding to cover security configuration assessment, as well as cloud, mobile and virtual environments. This document guides security architects toward effective usage of today's VA technology.

Table Of Contents

Problem Statement

The Gartner Approach

The Guidance Framework

  • Phase 1: Establish the VA Objectives, Scope and Architecture
    • Identify the Main Use Cases for VA and SCA
    • Define the Scope of the VA Process
    • Define the VA Methods
    • Select the VA Tool Architecture
    • Define Vulnerability Scanner Placement
  • Phase 2: Establish the Operating Model
    • Identify Roles and Responsibilities
    • Identify the Consumers of VA and SCA Reports
    • Identify Requirements for VA and SCA Reports
    • Define the Assessment Frequencies for Assets
  • Phase 3: Execute the VA Cycle
    • Define/Tune the Scan Configuration Settings
    • Perform the Scans
    • Prepare and Distribute the Results

Risks and Pitfalls

  • Related Guidance

Gartner Recommended Reading

©2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
