Legacy vulnerability and patching tools use primitive risk metrics to prioritize vulnerabilities. Their calculation is typically based on CVE scores and a simple business impact model (high, medium, low), which leads to priority inversion and wasted effort.
Comprehensive risk-based prioritization of vulnerabilities factors in 5 elements— vulnerability severity, threat level, business criticality, exposure/usage and the risk-negating effect of compensating controls. This results in very accurate prioritization and helps you avoid needless busy work fixing low priority issues.
Read this handy guide to learn more about 6 essential pillars for comprehensive prioritization.