# Best Practices for Managing Vulnerabilities in the Cloud – Part 2

By [Mohit Bhasin](https://www.paloaltonetworks.com/blog/author/mohit-bhasin/?ts=markdown "Posts by Mohit Bhasin") and [Alexandre Cezar](https://www.paloaltonetworks.com/blog/author/alexandre-cezar/?ts=markdown "Posts by Alexandre Cezar"), May 31, 2024

Categories: [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Code to Cloud](https://www.paloaltonetworks.com/blog/cloud-security/category/code-to-cloud/?ts=markdown), [Vulnerability Management](https://www.paloaltonetworks.com/blog/tag/vulnerability-management/?ts=markdown)

Welcome back to our [Best Practices for Managing Vulnerabilities in the Cloud](https://www.paloaltonetworks.com/blog/prisma-cloud/managing-vulnerabilities-part-one?ts=markdown) series.
In part one, we discussed how important it is to have complete visibility into vulnerabilities across your cloud estate, as well as the ability to effectively prioritize risk. But that's only half the battle.

The threat of cloud vulnerabilities is evolving and the stakes couldn't be higher. In its annual release, the Verizon 2024 DBIR reported "substantial growth of attacks involving the exploitation of vulnerabilities as the critical path to initiate a breach. It almost tripled (180% increase) from last year." But do you realize how much time passes between a patch becoming available and a vulnerability being resolved? DBIR survival analysis of CISA Known Exploited Vulnerabilities (KEV) showed that 85% weren't remediated at 30 days. The percentage drops to a no less impressive 50% at 55 days and 47% at 60 days. As startling as this is, 20% of KEVs remain unremediated at 120 days, according to the [2024 Data Breach Investigations Report](https://www.verizon.com/business/resources/reports/dbir/).

[Vulnerability management](https://www.paloaltonetworks.com/cyberpedia/what-Is-vulnerability-management?ts=markdown) is a critical aspect of any cloud security strategy. You're well aware of this if you've read part one of this series, which discusses gaining visibility across the [application lifecycle and identifying the most impactful vulnerabilities](https://www.paloaltonetworks.com/blog/prisma-cloud/managing-vulnerabilities-part-one/?ts=markdown). Before we dive into strategies to mitigate risk and enhance your vulnerability management program, let's quickly recap the best practices:

1. Gain visibility across the application lifecycle
2. Identify the most impactful vulnerabilities
3. Take action and remediate vulnerabilities
4. Monitor and report risk burndown

Part Two of this series will arm you with actionable insights and guidance to stay ahead of the curve when it comes to managing vulnerabilities.
We'll ensure your organization has the right tools to fix vulnerabilities, monitor progress and report on the success of your vulnerability management program. Let's get started.

## Best Practice #3: Taking Action and Remediating Vulnerabilities

Identifying and prioritizing vulnerabilities are key steps to ensure that teams can focus on the risk that matters most. True security, though, lies in actively addressing and remedying these vulnerabilities before they're exploited by malicious actors. Effective remediation requires a systematic and proactive approach, encompassing the following key elements:

1. **Establish Clear Remediation Procedures:** Develop precise and actionable protocols for addressing vulnerabilities, including delineating roles, responsibilities, escalation paths and timelines. A well-defined process ensures coordinated and consistent remediation efforts throughout the organization.
2. **Patch Management:** Implement a robust [patch management](https://www.paloaltonetworks.com/cyberpedia/patch-management?ts=markdown) strategy to apply security patches and updates to vulnerable systems, applications and software. Automated patch management tools can streamline this process for workloads such as virtual machines, ensuring that critical patches are applied quickly to mitigate known vulnerabilities. For other assets, such as container images and serverless functions, having a system in place that can detect the vulnerability at runtime and find the exact code that introduced it in your code repositories will enable the team to move at a much faster pace. This can help meet service level agreements (SLAs) and reduce mean time to remediation (MTTR) for business-critical applications.
3. **Vulnerability Mitigation Techniques:** In cases where immediate patching is not feasible, employ alternative mitigation techniques such as network segmentation, configuration hardening or the implementation of compensating controls to reduce the risk posed by vulnerabilities.
4. **Continuous Monitoring and Verification:** Implement continuous monitoring mechanisms to detect new vulnerabilities and verify the effectiveness of remediation efforts. Regularly scan and assess systems for new vulnerabilities, and conduct periodic penetration testing and vulnerability assessments to validate the security posture of your environment.
5. **Cross-Functional Collaboration:** Foster collaboration between security teams, IT operations and development teams to ensure that remediation efforts align with business priorities and objectives. Encourage open communication and knowledge sharing to facilitate the timely resolution of vulnerabilities.

### Prisma Cloud's Approach to Remediating Vulnerabilities

Prisma Cloud assists users in remediating vulnerabilities by tracing them from runtime back to the code that initially introduced the vulnerability, streamlining developers' work and reducing MTTR. Additionally, Prisma Cloud enables users to create tickets, submit pull requests and export vulnerability information, fulfilling other critical requirements that must be supported.

By taking decisive action to remediate vulnerabilities, organizations can boost their security posture and reduce the risk of cyber incidents. This proactive approach, combined with comprehensive visibility and prioritization efforts, lays the foundation for an effective vulnerability management program. However, be aware: you aren't quite finished yet. There's still the matter of staying on top of it all. That brings us to best practice number four.
![Figure 1: Prisma Cloud providing the remediation recommendations](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/05/word-image-321831-1.png)

Figure 1: Prisma Cloud providing the remediation recommendations

## Best Practice #4: Monitor and Report Risk Burndown

Monitoring and reporting on vulnerability metrics are vital components of any organization's cybersecurity strategy. By regularly tracking these metrics, organizations can effectively assess their risk exposure by identifying and prioritizing vulnerabilities based on their severity, potential impact and likelihood of exploitation. With this understanding, it's possible to allocate resources strategically to address the most critical risks first, reducing the overall risk to the organization.

The ability to report on progress addressing vulnerabilities is also critical in fulfilling compliance requirements from regulatory bodies. These often mandate the monitoring and reporting of vulnerability metrics to ensure that organizations meet regulatory standards and avoid potential penalties.

Tracking vulnerability metrics over time enables organizations to identify trends and patterns in their security posture so they can continuously improve their security policies and procedures. By allocating resources efficiently and demonstrating transparency through regular reporting, teams are able to effectively communicate their security efforts to stakeholders and maintain trust in their security practices.

### Prisma Cloud's Approach to Monitoring and Reporting on Risk Burndown

Prisma Cloud makes it easy for users to monitor and report vulnerability metrics with the vulnerability management dashboards. Teams can also generate reports based on the information in the dashboards to track their risk at a high level.
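To make the numbers behind a burndown report concrete, here is an added example (not Prisma Cloud code) that computes an open-findings-by-severity series over time, mean time to remediation, open findings past their SLA, and the share of KEV findings still open at a given age, in the spirit of the DBIR survival figures quoted above. The findings, dates, `CVE-EXAMPLE-*` identifiers and per-severity SLA targets are constructed assumptions.

```python
# Added example (not Prisma Cloud code): risk burndown metrics over constructed findings.
# Severities, dates, identifiers and SLA targets below are constructed assumptions.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed remediation SLA per severity, in days (not taken from the post).
SLA_DAYS = {"critical": 15, "high": 30, "medium": 60, "low": 90}

@dataclass
class Finding:
    cve: str                       # placeholder identifier, constructed
    severity: str
    opened: date                   # first observed in the environment
    fixed: Optional[date] = None   # None while still open
    kev: bool = False              # listed in the CISA KEV catalog

# Constructed sample data: a handful of findings across one quarter.
FINDINGS = [
    Finding("CVE-EXAMPLE-0001", "critical", date(2024, 3, 1), date(2024, 3, 10), kev=True),
    Finding("CVE-EXAMPLE-0002", "critical", date(2024, 3, 5), None, kev=True),
    Finding("CVE-EXAMPLE-0003", "high", date(2024, 3, 8), date(2024, 4, 2)),
    Finding("CVE-EXAMPLE-0004", "high", date(2024, 3, 20), None, kev=True),
    Finding("CVE-EXAMPLE-0005", "medium", date(2024, 4, 1), date(2024, 4, 20)),
    Finding("CVE-EXAMPLE-0006", "low", date(2024, 4, 3), None),
]

def is_open_on(f: Finding, day: date) -> bool:
    """A finding counts as open on `day` from its opened date until the day it is fixed."""
    return f.opened <= day and (f.fixed is None or f.fixed > day)

def burndown(findings, start: date, end: date, step_days: int = 7):
    """Open-finding counts per severity at each sample point: the risk burndown series."""
    series = []
    day = start
    while day <= end:
        counts = {sev: 0 for sev in SLA_DAYS}
        for f in findings:
            if is_open_on(f, day):
                counts[f.severity] += 1
        series.append((day, counts))
        day += timedelta(days=step_days)
    return series

def mttr_days(findings, severity: Optional[str] = None) -> float:
    """Mean time to remediate (days) over fixed findings, optionally for one severity."""
    ages = [(f.fixed - f.opened).days for f in findings
            if f.fixed is not None and (severity is None or f.severity == severity)]
    return sum(ages) / len(ages) if ages else 0.0

def sla_breaches(findings, as_of: date):
    """Findings still open on `as_of` and older than their severity's SLA, oldest first."""
    late = [f for f in findings
            if is_open_on(f, as_of) and (as_of - f.opened).days > SLA_DAYS[f.severity]]
    return sorted(late, key=lambda f: f.opened)

def kev_unremediated_ratio(findings, age_days: int) -> float:
    """Share of KEV findings still open `age_days` after they were opened (survival-style view)."""
    kev = [f for f in findings if f.kev]
    still_open = [f for f in kev if is_open_on(f, f.opened + timedelta(days=age_days))]
    return len(still_open) / len(kev) if kev else 0.0
```

Feeding the same functions a real export of findings (one record per open/fixed vulnerability with its dates) gives the series a dashboard plots as a burndown chart and the SLA list a team would triage first.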
![Figure 2: Prisma Cloud's risk burndown chart](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/05/word-image-321831-2.png)

Figure 2: Prisma Cloud's risk burndown chart

## Learn More

While achieving comprehensive visibility and prioritization are the first steps in building an [effective foundation for vulnerability management](https://www.paloaltonetworks.com/prisma/cloud/vulnerability-management?ts=markdown), remediating vulnerabilities and monitoring and reporting risk burndown are the final pieces in reducing the risk caused by vulnerabilities. For more specific insights into how Prisma Cloud can help your organization manage vulnerabilities from code to cloud, see how we can [help you find and fix the XZ Utils vulnerability](https://www.paloaltonetworks.com/blog/prisma-cloud/find-fix-zero-day-cves/?ts=markdown).