Rethinking Vulnerability Management Strategies for Mid-Market Security

CYBERSECURITY OPERATIONS Rethinking Vulnerability Management Strategies for Mid-Market Security Intruder's Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management. Terry Sweeney,Contributing Editor March 31, 2026 STUDIO BY INFORMA TECHTARGET Mid-market security teams face a critical blind spot, and Chris Wallis has witnessed it firsthand. "A lot of organizations are still counting vulnerabilities," the Intruder founder and CEO told Dark Reading's Terry Sweeney. "The important thing is how quickly you're fixing them." With CVE counts surging from 30,000 to 50,000 annually — and AI-assisted discovery likely to push that higher — the gap between identifying and addressing vulnerabilities is becoming a major business risk. Wallis, drawing on his penetration testing career, explains why CVE-only strategies leave organizations exposed. During engagements, he often found fully patched environments still compromised due to misconfigured databases, exposed management interfaces, and overlooked attack surface elements that traditional scanners missed. This insight led him to build Intruder, focusing on attack surface management to help stretched security teams address real-world exposures beyond CVEs. The urgency is growing. Mean time to exploit has dropped from months to hours, and Wallis warns it could soon shrink to minutes or seconds. Organizations struggling to patch within 30 days face a dire future without rethinking their approach. On AI, Wallis sees potential for scalability and time savings but notes full reliability is still one to two years away. Related:AI and Quantum Are Forcing a Rethink of Digital Trust Wallis, founder and CEO of Intruder, leverages his experience as a penetration tester and ethical hacker to make enterprise-grade vulnerability management accessible to mid-market organizations, focusing on attack surface management and cyber hygiene. About the Author Terry Sweeney Contributing Editor Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, Network World, InformationWeek and Mobile Sports Report. In addition to information security, Sweeney has written extensively about cloud computing, wireless technologies, storage networking, and analytics. After watching successive waves of technological advancement, he still prefers to chronicle the actual application of these breakthroughs by businesses and public sector organizations. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBERSECURITY OPERATIONS China Imposes One-Hour Reporting Rule for Major Cyber Incidents by Robert Lemos, Contributing Writer OCT 01, 2025 CYBERSECURITY OPERATIONS Women Who 'Hacked the Status Quo' Aim to Inspire Security Careers by Elizabeth Montalbano, Contributing Writer JUL 16, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 CYBERSECURITY OPERATIONS Secure Communications Evolve Beyond End-to-End Encryption by Robert Lemos, Contributing Writer APR 04, 2025 Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ CYBER RISK What Orgs Can Learn From Olympics, World Cup IR Plans byTara Seals MAR 12, 2026 THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity 5 Steps to Stop Ransomware With Zero Trust Explore More White Papers BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE