Vulnerability Management: Most organizations have a backlog of 100,000 vulnerabilities

The threat landscape never ends. Almost every day, a new vulnerability pops up in one form or another. In fact, according to NIST, 18,378 vulnerabilities were reported in 2021, and most organizations' vulnerability management programs aren't fit for purpose.

Each of these vulnerabilities presents a potential entry point for attackers to exploit and gain access to sensitive information. However, many organizations lack the expertise or internal resources to patch these vulnerabilities at the pace required to keep their environments secure.

A new study released today by Rezilion and the Ponemon Institute found that 66% of security managers report a backlog of more than 100,000 vulnerabilities. It also revealed that 54% say they were able to fix less than 50% of the vulnerabilities in their backlog.

Above all, the data indicates that the way most organizations approach vulnerability management is neither scalable nor fit for purpose, and provides cybercriminals with plenty of opportunities to gain access to critical data.

Why Vulnerability Management is Difficult

The challenges of managing vulnerabilities aren't necessarily new. According to NTT Application Security, the average time to fix a vulnerability in 2021 was 202 days. Rezilion research also highlights that remediation is a problem, with 78% saying high-risk vulnerabilities take longer than 3 weeks to fix.

At the heart of this failure to effectively mitigate vulnerabilities is the lack of necessary tools.

“It comes down to a lack of tools, people and information to properly address this challenge. Survey respondents say there are a number of reasons why it is taking so long, including the time it takes and the complexity of the task,” said Rezilion CEO and co-founder Liran Tancman.

“Some of the factors they mentioned include an inability to prioritize what needs to be fixed, as well as a lack of effective tools and a lack of resources. of security talent is well documented,” Tancman said.

Tancman also points out that few organizations have the visibility or context to determine what needs to be fixed, which makes managing a backlog overwhelming.

Nowhere is this lack of visibility more clearly demonstrated than in the failure of many organizations to patch Log4j. A report released earlier this year found that 70% of organizations that previously addressed the vulnerability in their attack surface are still struggling to fix Log4j-vulnerable assets and prevent new instances from resurfacing.

Automation is the answer

Fortunately, automation provides an effective answer to the vulnerability management challenge by allowing security teams to automate the process of scanning for vulnerabilities and continuously identifying exploits.

This not only reduces the time it takes to fix vulnerabilities, but also frees up the security team to focus on more rewarding tasks. Rezilion research suggests that automation can be an important...
