Beyond Traditional Cyber Vulnerability Management


NorthStar Navigator’s risk-based approach to vulnerability management


As vulnerability management has matured as a process, a standardized taxonomy and language have evolved to satisfy the need for security professionals to formalize the way they describe and talk about vulnerabilities. Growing out of this effort, CVE IDs and CVSS scores soon became the standard for classifying, managing, and remediating vulnerabilities.

As a result, security tools have heavily focused on technical severity ratings and external threat intelligence to enrich vulnerability data, enabling organizations to begin basic prioritization of remediation efforts. This focus on technical severity has dominated the vulnerability management market and thought leadership for many years.

But no more. It’s time to look beyond vulnerabilities.

As organizations look beyond vulnerabilities in their remediation programs, NorthStar Navigator helps them take the next step in the evolution of their vulnerability management programs. How? By widening visibility beyond traditional vulnerabilities to include additional critical aspects of risk management and remediation. NorthStar enables vulnerabilities to be categorized as a subset of the larger family of exposures.

Common exposure categories may include traditional vulnerabilities, missing OS and application patches, missing or misconfigured common tooling, and misconfigurations of system and security settings. Each of these categories represents a uniquely important and measurable impact on an asset's attack surface and the resulting risk, an impact that cannot be adequately expressed in the current lexicon of vulnerability management.


To learn more about exposure remediation (beyond vulnerabilities), contact us at

Download the white paper HERE