Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Survey reveals zero day vulnerabilities most critical.

Lumension Security : 30 July, 2007  (Technical Article)
Patchlink survey demonstrates user demand for reduced lapsed time between discovery and cure in vulnerability management.
Zero-day vulnerabilities are the top security concern for the majority (54 percent) of IT professionals, according to the results of an annual customer survey conducted by PatchLink Corporation, a global leader in security and vulnerability management. The survey, completed by more than 250 CIOs, CSOs, IT managers and network administrators across Europe, Asia Pacific and the U.S. , revealed that hackers are the second biggest security concern (35 percent) followed closely by malware/spyware (34 percent).

"The prospect of zero-day attacks is extremely troubling for organizations of all sizes. Today's financially motivated attackers are creating customized, sophisticated malware designed to exploit unpublished application vulnerabilities in specific applications before they can be fixed," said Charles Kolodgy, research director at IDC. "The problem is compounded by the ever-present human element. User behavior is difficult to control, and many hackers rely on users' lapses in judgment to carry out their malicious activity. They also prey on the fact that many IT departments are spread thin and simply do not have the resources necessary to proactively defend against zero-day threats."

According to survey results, faster remediation and more comprehensive risk assessment and prioritisation help organizations proactively address these concerns. IT managers reacted far quicker to emergency patches this year as compared to last, as 29 percent of organizations deployed critical updates within two hours during 2007 compared to just 14 percent in 2006. Seventy (70 percent) of IT managers completed fire-drill remediations within eight hours in 2007 compared to just 39 percent during the previous year. In addition, many respondents (60 percent) supplemented their vulnerability management process to include both agent- and network-based vulnerability scanning. As a result, a vast majority (99 percent) of respondents say their organisations are as secure or more secure today than they were in 2006.

Despite improved vulnerability management, the survey reveals that the inability to effectively control user behavior and the shrinking time from vulnerability to exploit are the most significant challenges to combating zero-day threats. As a result, IT managers are trying to gain control through an increasing number of security products and time spent monitoring and setting policies. Fifty (50) percent of respondents said they have more than 10 agents currently installed to perform security and/or operations tasks. Most respondents (66 percent) said they spend an hour or longer every day monitoring security and IT consoles, administrating agents and updating security policies.

"While the overall survey results demonstrate the effectiveness of a sound vulnerability management solution—especially in the most critical situations—they also reveal a glaring need for continuous protection and a more consolidated security approach," said Patrick Clawson, chairman and CEO of PatchLink. "By acquiring Harris STAT and SecureWave products, we are taking a significant step towards delivering a single platform for unified protection and control of all critical IT assets and data. This approach will reduce the number of agents that our customers have to manage, and enables them to remain completely protected from all malicious exploits - both known and unknown."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo