惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
Google Developers Blog
Jina AI
Jina AI
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
C
Cybersecurity and Infrastructure Security Agency CISA
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
Securelist
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
L
LINUX DO - 热门话题
博客园 - 三生石上(FineUI控件)
T
Threatpost
T
The Blog of Author Tim Ferriss
C
CERT Recently Published Vulnerability Notes
IT之家
IT之家
P
Palo Alto Networks Blog
Microsoft Azure Blog
Microsoft Azure Blog
Spread Privacy
Spread Privacy
Cyberwarzone
Cyberwarzone
腾讯CDC
L
LangChain Blog
Know Your Adversary
Know Your Adversary
C
CXSECURITY Database RSS Feed - CXSecurity.com
GbyAI
GbyAI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
I
Intezer
T
Tor Project blog
AWS News Blog
AWS News Blog
T
Tenable Blog
NISL@THU
NISL@THU
Security Latest
Security Latest
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
H
Hackread – Cybersecurity News, Data Breaches, AI and More
人人都是产品经理
人人都是产品经理
MongoDB | Blog
MongoDB | Blog
MyScale Blog
MyScale Blog
D
DataBreaches.Net
Microsoft Security Blog
Microsoft Security Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
量子位
美团技术团队
The Cloudflare Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
罗磊的独立博客
The GitHub Blog
The GitHub Blog
阮一峰的网络日志
阮一峰的网络日志
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Stack Overflow Blog
Stack Overflow Blog

Check Point Blog

AI Appreciation Day: Let's Be Honest About What We're Appreciating - Check Point Blog AI Security Is Never Finished: Building the Continuous Red Teaming Loop  - Check Point Blog AI Security Threats in 2026: Annual Insights from Check Point Research - Check Point Blog AI Agents are Only As Effective as Their Harness - Check Point Blog Email Agent Hijacking: The Hidden Threat That Breaks Post-Delivery Security - Check Point Blog How Check Point Email Security Stopped a Student Job Scam Before It Reached the Inbox - Check Point Blog Redefining the CISO Contract: From Securing the Business to Securely Doing Business - Check Point Blog A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide How Unified Policies Close Security Gaps - Check Point Blog Under Pressure: Insights from the 2026 Exposure Gap Report - Check Point Blog When AI Invents the Attack: Browser-Native Ransomware - Check Point Blog Check Point and the AWS European Sovereign Cloud: Securing Europe’s Digital Future - Check Point Blog Shadow AI Is Not a Tool Problem. It's a Timing Problem. - Check Point Blog AI Is Changing Cyber Careers. NICE 2026 Showed What Students Need Next - Check Point Blog 90% of the World's Businesses are SMEs and MSMEs and AI Is Reshaping Both Their Future and Their Risk - Check Point Blog Prevention Before the Inbox: Reading the Microsoft Defender Benchmark Report in Context - Check Point Blog ClickFix: The Attack That Turns Users Into Their Own Attackers - Check Point Blog From Prompt Testing to AI Red Teaming at Enterprise Scale - Check Point Blog AI Has Moved From Assistance to Action. Is Your Security Model Ready? AI Security Governance: How to Secure AI Agents, Copilots, and Autonomous AI in 2026 - Check Point Blog OpenAI Frontier AI Models Powering Check Point's Leading Cyber Security Solutions The Operational Reality of Zero Trust- And How You Can Change It - Check Point Blog Amazon Prime Day 2026: Bargains Begin June 23 — and So Do the Scams - Check Point Blog Securing AI Agent Behavior with Amazon Bedrock AgentCore and CheckPoint AI Security - Check Point Blog What Successful Exposure Management Deployments Had in Common in 2026 - Check Point Blog From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers - Check Point Blog AI Red Teaming Makes the Unknowns Known - Check Point Blog Check Point and Illumio Expand Partnership to Secure Hybrid Environments - Check Point Blog The NCSC Patch Wave Is Coming. Do You Know Where Your Risk Lives? - Check Point Blog NCSC Warns of AI-Driven Patch Wave: Is Your Attack Surface Ready? Energy, Healthcare, and Finance: Why Midwest Industries Are Facing Surging Cyber Attacks - Check Point Blog Midwest Cyber Attacks Surge in 2026: Energy, Healthcare, and Finance Under Growing Threat Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actually Doing - Check Point Blog Travel Phishing Scams Surge 122%: How Cybercriminals Are Targeting Travelers in 2026 The AI Your Security Team Can’t See Is the One You Should Worry About Check Point Engage Public Sector 2026: AI Is the New Battlefield Check Point Joins OpenAI’s Trusted Access for Cyber Program and Daybreak Initiative When Your AI Agent’s Memory Becomes a Security Liability AI Agents Are Becoming Enterprise Workers. Who Secures Them? Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) Fraud, Ransomware, and Fake Apps Are Already Targeting FIFA 2026 The AI Defense Plane: Securing the New Enterprise Execution Layer The Meta AI Account Recovery Incident Wasn’t Just a Chatbot Problem Check Point Lays the Groundwork for the Future of AI Factory Security with NVIDIA - Check Point Blog Check ... The 2026 U.S. Midterms Have a Cyber Problem, But it’s Not at the Ballot Box The Server Seizure That Affects Also Iran’s Cyber Operations The Autonomous Security Platform Built for Attacker Speed Check Point Frontier AI Models Readiness Program – Security Update 2026 Cloud Security Report: Why Traditional Network, Cloud, and Security Architecture Are Lagging Behind t ... AI Attacks Are No Longer Experimental: Key Findings from the March-April 2026 AI Threat Landscape - Check ... Protect GenAI Chatbots with Check Point WAF The Network Security Problem No One Could Solve – Until Now. Hacktivists, Ransomware, and a 124% Surge Across DACH Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026 - Check Point Blog World Cup 20 ... When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk - Check ... Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation Q1 2026 Ransomware Report: Fewer Groups, Higher Impact - Check Point Blog World Password Day 2026: Why "Strong Passwords" Can’t Save You from AI, Infostealers, and the Telegram Underground - Check Point Blog Resilient by Design: When the Network Itself Becomes the Target AI Threat Readiness: Defending Against Attacks Powered by Frontier AI Models Check Point Cyber Security Now Available Across All Levels of U.S. Government - Check Point Blog Check Poi ... VECT Ransomware: Why Paying Won’t Get Your Files Back Check Point WAF Leads Application Security-Validated by Frost & Sullivan Check Point WAF Leads Application ... From Access Control to Outcome Control: Securing AI Agents with Check Point and Google Cloud Experience AI-Powered Check Point Firewall at Google Cloud Next AI Finds Every Gap: How Many Can Your Network Survive? The Gentlemen RaaS Is Surging in 2026 The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice World Quantum Day 2026: The Harvest Has Already Begun, Are You Prepared? Why Manufacturing Cyber Security is Becoming More Complex as Cyber Attacks Accelerate March 2026 Cyber Threat Report: Ransomware & GenAI Risk PS Private Training: Turning Cyber Complexity into Operational Control Tax Season 2026: How Cyber Criminals Are Preparing Their Attacks Months in Advance Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East ROI of Hybrid Mesh Network Security (IDC Study 2026) Operation TrueChaos: TrueConf Zero‑Day Supply‑Chain Attack ChatGPT Data Leak (Fixed Feb 2026): Key Takeaways Spring Cleaning Has Arrived: Meet the New Check Point Portal Experience North America’s Cyber Security Threat Reality in 2026
The Case for a Vulnerability Operations Center
lizwu@checkpoint.com · 2026-05-15 · via Check Point Blog

Vulnerability remediation has become an execution problem. Security teams are generating more findings than ever, but too often those findings do not translate into timely risk reduction. The gap between newly introduced exposure and effective remediation continues to widen. 

Addressing that gap requires more than improved scanning, better dashboards, or additional tooling. It requires a dedicated operating model. This is the role of the Vulnerability Operations Center, or VOC. As Dr. Natalie Foster Johnson, Executive Director of the CyberMINDS Research Institute, explains, “Operationalizing a VOC is a maturity step that allows organizations to address exposure concerns earlier, reducing risk before incidents occur rather than reacting afterward.” 

A VOC centralizes how organizations qualify, prioritize, and drive remediation. Its purpose is not simply to observe exposure, but to actively reduce it through coordinated action. 

The security industry has faced a similar inflection point before. When threat detection became continuous and alert volumes overwhelmed decentralized response models, organizations formalized the Security Operations Center. Vulnerability remediation is now reaching the same inflection point. Volume, speed, and complexity have outgrown distributed ownership. The VOC emerges as the response. 

Industry data reflects that this shift is already underway, with many organizations adopting or planning VOCaligned models. 

Why Traditional Vulnerability Management Fell Behind 

Traditional vulnerability management was built for a slower environment. Teams scanned periodically, assigned severity scores, opened tickets, and remediated in cycles. That approach worked when infrastructure was stable and findings were manageable. 

That environment no longer exists. Cloud and hybrid architectures change continuously, and rapid deployment introduces new weaknesses faster than periodic workflows can absorb. 

At the same time, remediation ownership has fragmented. Infrastructure, cloud, endpoint, identity, and application teams each control parts of the attack surface. Vulnerabilities may be identified centrally, but remediation depends on coordination across teams that operate with different priorities. 

This fragmentation contributes to prioritization challenges, but it is not the only cause. Prioritization also breaks down when teams lack context such as threat activity, business impact, compensating controls, or exploitability. Severity scores alone become a blunt instrument, and remediation tends to focus on what is easiest to fix rather than what reduces risk. 

Backlogs grow, and highrisk exposures remain open longer than they should. 

This structural mismatch has only intensified as CVE disclosures have continued to grow year over year. 

Source: https://www.cve.org/About/Metrics

From Vulnerability Lists to Exposure Management 

Once remediation becomes an execution challenge, the unit of work must change. Managing vulnerability lists is no longer sufficient. Organizations must manage exposure. 

A vulnerability in isolation provides limited insight. Risk materializes only when a weakness is reachable, exploitable, and connected to systems or identities that matter to the business. A lowerseverity issue on an internetfacing asset may represent greater risk than a critical vulnerability that is isolated. 

This reflects how attackers operate. Exploitation is selective, which means prioritization must be grounded in reachability, exploit activity, and business impact, not severity scores alone. 

The Continuous Threat Exposure Management (CTEM) framework formalizes this shift by treating exposure management as a continuous discipline across discovery, prioritization, validation, and action. However, exposure insight alone does not reduce exposure. Without clear ownership, it remains theoretical. 

As organizations adopt CTEM, vulnerability management is evolving from a technical function into a coordinated operational discipline. 

This is where the Vulnerability Operations Center becomes essential. 

The Vulnerability Operations Center as a Control Tower 

A mature Vulnerability Operations Center functions as an operational control tower for vulnerability and exposure management. It does not replace existing security or delivery teams. Instead, it coordinates their efforts through a centralized, accountable model. 

“A VOC shifts the focus from simply finding vulnerabilities to operationalizing exposure reduction, with clear ownership, coordination, and measurable remediation outcomes.”
— Dr. Natalie Foster Johnson, CyberMINDS Research Institute, Cybersecurity and Critical Infrastructure Resilience Strategist. 

One of the most critical roles the VOC plays is establishing governance. It bridges the gap between security teams that identify vulnerabilities and operational teams responsible for remediation by introducing structured workflows, prioritization criteria, escalation paths, and accountability aligned to business risk. 

Recent industry research confirms that organizations are moving in this direction. In a 2025 survey of enterprise security leaders, 65% reported having a VOC or VOCaligned model in place. Among those organizations, most rated it as delivering medium to high value, and 14% indicated active plans for adoption. 

Source: CESIN “Baromètre de la cybersécurité des entreprises” Rapport d’étude – Vague 11 Janvier 2026

In practice, VOC adoption varies significantly by organizational maturity. Larger enterprises with established CERT or vulnerability response teams are more likely to formalize a dedicated VOC function. 

Smaller organizations often struggle to staff even a basic CERT. In these environments, vulnerability remediation typically sits with SOC, infrastructure, or managed service teams, and is often treated as a periodic audit activity rather than a continuous operational discipline. While many reference exposure frameworks such as CTEM, execution remains assessmentdriven rather than ongoing. 

These constraints have led to the rise of VOCadjacent models, where coordination and remediation steering exist, but without a formally defined VOC structure. 

When organizations do implement a formal VOC, the function typically focuses on five core missions: 

  1. Detection and collection: Consolidates signals across tools to establish a unified view of exposure
  2. Qualification and contextualization: Applies technical and business context to determine real criticality
  3. Prioritization: Defines remediation order based on risk, not severity alone
  4. Remediation steering: Drives execution through tracking, escalation, and accountability
  5. Reporting and governance: Provides visibility into exposure reduction and progress. 

To operate effectively, VOC teams focus on KPIs that reflect execution rather than discovery volume. These include remediation timelines, exposure backlog reduction, SLA performance across asset classes, and indicators of sustained progress versus onetime cleanup. Mature teams may also monitor responsiveness and remediation followthrough across owning teams to reinforce accountability. 

Operational ownership patterns further reinforce this shift. Survey data shows that 41% of organizations now manage their VOC (or similar organizational group) in house, up from 30% in the previous survey cycle, signaling a clear move toward centralized internal accountability rather than outsourced or informal remediation models. 

The VOC works alongside the Security Operations Center. While the SOC focuses on detection and response, the VOC focuses on prevention through remediation. 

Turning Activity into Risk Reduction 

By centralizing prioritization and remediation steering, the VOC provides the structure required to act on exposure continuously instead of reacting after exploitation. This is where exposure management plays a critical role. By bringing findings into a single, prioritized view and enabling teams to act directly, it helps close the gap between identifying risk and reducing it in practice. 

Learn how Continuous Threat Exposure Management supports exposuredriven security operations: Exposure Management Solutions – Check Point Software