Addressing Exposures – Broadening the Focus Beyond Vulnerabilities


NorthStar Navigator’s risk-based approach to vulnerability management


As Vulnerability Management has matured as a process, a standardized taxonomy and language have evolved to satisfy the need for security professionals to formalize the way they describe and talk about vulnerabilities. Growing out of this effort, CVE IDs and CVSS scores soon became the standard for classifying, managing, and remediating vulnerabilities.


As a result, security tools have focused heavily on technical severity ratings and external threat intelligence to enrich vulnerability data, enabling organizations to begin basic prioritization of remediation efforts. This focus on technical severity has dominated the Vulnerability Management market and thought leadership for many years.


NorthStar Navigator is the next evolution of Vulnerability Management. It widens visibility beyond traditional vulnerabilities to include additional critical aspects of risk management and remediation. NorthStar enables vulnerabilities to be categorized as a subset of the larger family of exposures.


Common exposure categories may include traditional vulnerabilities, missing OS and application patches, missing or misconfigured common tooling, and misconfigurations of system and security settings. Each of these categories represents a uniquely important and measurable impact on the attack surface and subsequent risk related to an asset that cannot be adequately expressed in the current lexicon of Vulnerability Management.

