It’s perhaps one of the most well-known and understood foundations of enterprise security – finding and patching outdated software with software updates. However, a newly released survey from cloud IT services provider ServiceNow, Today’s State of Vulnerability Response: Patch Work Demands Attention, found that there is still much work that must be done within the enterprise to close the window of vulnerability, that time between when an application vulnerability becomes known and it is remedied.
To understand the effectiveness of their vulnerability response tools and processes, ServiceNow surveyed about 3,000 security professionals from nine countries. Survey respondents were based in Australia, France, Germany, Japan, the Netherlands, New Zealand, Singapore, the United Kingdom, and the United States, and represent organizations with more than 1,000 employees, ServiceNow said. For the purpose of the survey, ServiceNow defines vulnerability response as the process companies use to prioritize and remediate flaws in software that could serve as attack vectors.
According to the survey findings, firms continue to struggle with patching because they approach the processes manually and don’t have the insight needed to decide what systems should be patched first. The study claimed that efficient vulnerability response processes are critical because timely patching is “the most successful tactic companies employed in avoiding security breaches.”
“Automating routine processes and prioritizing vulnerabilities helps organizations avoid the ‘patching paradox,’ instead focusing their people on critical work to dramatically reduce the likelihood of a breach,” ServiceNow wrote in this news release.
According to the survey:
There’s no doubt that patching is an essential part of risk management, and with the number of tools out there to help automate the patching processes, it’s surprising to see so many organizations still relying on manual processes. We write a lot about the importance of automating, and patching security vulnerabilities should be high up on the priority list of security processes to automate.
George V. Hulme is an internationally recognized information security and business technology writer. For more than 20 years Hulme has written about business, technology, and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness, and dozens of other technology publications.