Vulnerability management is a constant activity, not a static snapshot in time. New vulnerabilities emerge, configurations change, assets are exposed, permissions are modified, and the list goes on. A static snapshot–in-time approach to vulnerability management will leave you blind to the dynamic risk landscape in which we operate.

However, that's exactly how many organizations have traditionally approached the activity of vulnerability management: performing time-boxed activities, such as vulnerability scans, at intervals such as monthly, quarterly, or even annually, and having a false sense of security using this approach.

Meanwhile, malicious actors are continuously seeking to identify vulnerabilities, exploit weaknesses, and compromise vulnerable systems, software, and products. In fact, continuous vulnerability management is even listed as a Center for Internet Security (CIS) Critical Security Control, currently number 7 on the list of controls in CIS Critical Security Controls version 8. This harsh reality requires a more dynamic, iterative, and ongoing approach to vulnerability management, and that's where continuous monitoring (ConMon) comes into play.

Modern vulnerability management programs take into account the dynamic nature of the landscape. They are implementing processes and technologies, underpinned by competent expertise to facilitate this ongoing activity.

In this chapter, we discuss aspects of ConMon for vulnerability ...