Gartner Names CARTA Top Security Project for 2019


Ranked as one of the Top 10 Security Projects for 2019 by Gartner, the creation of a CARTA (Continuous Adaptive Risk and Trust Assessment)-inspired vulnerability management program has become a priority for nearly every CISO and CIO.  While simple in its fundamentals, a CARTA-inspired program zeroes in on several issues with security data generation and handling that organizations consistently struggle with during the day-to-day management of vulnerabilities and exposures. A CARTA-inspired vulnerability prioritization and remediation program typically focuses on the following core elements: 

Full Visibility and Context of Assets and Risk

An organization can only protect what it is aware of.  An effective CARTA-inspired vulnerability management program starts with continuous asset discovery and management and continues through the asset lifecycle. These efforts, while important, are only the first step. To intelligently prioritize vulnerabilities and overall risk, asset data needs to be enriched with business context to provide an essential understanding of the asset’s overall importance and criticality to the business.

Continuous Vulnerability Assessment

As organizations expand the frequency and intensity of vulnerability scanning, the number of identified issues skyrockets. Most organizations have more vulnerabilities than they have time and resources to fix. Prioritizing vulnerabilities and exposures becomes essential when attempting to focus resources in meaningful and impactful ways.

Reporting and Analytics

IT security and management systems create volumes of data, but most of it is barely usable. Generating accurate reports has always required correlating data across security and management systems. However, the variances in technology and accessibility often drive organizations back to spreadsheets and manual correlation to produce necessary reporting. As a result, most organizations struggle to produce accurate and meaningful reports for their different technical and non-technical audiences and stakeholders.


As security conditions change and threats emerge, CARTA-inspired vulnerability management programs need to be flexible enough to adapt. Traditionally, incorporating new data and technologies is difficult if the management process is not built on the premise that the data, business, and security needs of the organization will change over time. The most mature programs are the ones that focus on proactive reporting and prioritization of issues that maximize the efficient use of resources and drive down the costs of securely operating the business.

How to Effectively Prioritize and Remediate Vulnerabilities

“By 2022, 60% of large enterprises will influence their operational risk and cybersecurity budgets with business-facing service descriptions, costing and governance related to business units selecting their desired level of cost and risk.”

*Gartner, Seven Imperatives to Adopt a CARTA Strategic Approach, 10 April 2018

NorthStar Navigator is uniquely positioned to help organizations plan, deploy, and manage a CARTA-inspired vulnerability management program to effectively frame their risk decisions in a business context.  Rooted in the belief that organizations do not need help generating security and management data, NorthStar focuses organizations on leveraging their existing, inconsistent, and disparate security and management data by providing a platform for collecting, consolidating, and correlating this data into a single source of truth for assets and vulnerabilities. 

Capitalizing on this new, accurate and actionable information, NorthStar provides individualized scoring for the technical severity and business importance of assets to create a means of prioritizing remediation efforts. Built from the ground up on a flexible data model, NorthStar allows organizations to incorporate the most meaningful and impactful data available to help drive the technical severity, business importance, and prioritization of vulnerabilities both today and into the future.

By leveraging this flexible data model, NorthStar Navigator allows users to quickly create data visualizations and reports in the front-end GUI that will satisfy the varying needs of the organization and individual stakeholders in a single pane of glass experience.

For more information about how NorthStar Navigator can empower your CARTA-inspired vulnerability management program, visit HOW IT WORKS.
