Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

IT Professionals Consider Zero-Day Vulnerabilities To Be The Most Critical Security Concern Facing Organisations Today

  • 01 August, 2007 09:52

<p>PatchLink Customer Survey Reveals that Controlling User Behavior and the Shrinking Window from Vulnerability to Exploit are the Key Challenges to Effective Vulnerability Management</p>
<p>Zero-day vulnerabilities are the top security concern for the majority (54 percent) of IT professionals, according to the results of an annual customer survey conducted by PatchLink Corporation, a global leader in security and vulnerability management. The survey, completed by more than 250 CIOs, CSOs, IT managers and network administrators across Europe, Asia Pacific and the U.S., revealed that hackers are the second biggest security concern (35 percent) followed closely by malware/spyware (34 percent).</p>
<p>“The prospect of zero-day attacks is extremely troubling for organisations of all sizes. Today’s financially motivated attackers are creating customised, sophisticated malware designed to exploit unpublished application vulnerabilities in specific applications before they can be fixed,” said Charles Kolodgy, research director at IDC. “The problem is compounded by the ever-present human element. User behavior is difficult to control, and many hackers rely on users’ lapses in judgment to carry out their malicious activity. They also prey on the fact that many IT departments are spread thin and simply do not have the resources necessary to proactively defend against zero-day threats.”</p>
<p><b>Improved Processes and Confidence</b></p>
<p>According to survey results, faster remediation and more comprehensive risk assessment and prioritisation help organisations proactively address these concerns. IT managers reacted far more quickly to emergency patches this year than last: 29 percent of organisations deployed critical updates within two hours during 2007 compared to just 14 percent in 2006. Seventy percent of IT managers completed fire-drill remediations within eight hours in 2007 compared to just 39 percent during the previous year. In addition, many respondents (60 percent) supplemented their vulnerability management process to include both agent- and network-based vulnerability scanning. As a result, a vast majority (99 percent) of respondents say their organisations are as secure or more secure today than they were in 2006.</p>
<p>“In 2003 and then again in 2004, we were hit with devastating worms that exploited vulnerabilities in different applications before we could release the patches from our home-grown deployment process,” said Jim Czyzewski, senior information systems specialist responsible for desktop patch management at MidMichigan Medical Center in Midland, Mich. “Now we’re facing less-visible threats such as botnets and rootkits that are typically propagated through zero-day exploits. Effective vulnerability management is critical and serves as the first line of defense against these new stealthier attacks.”</p>
<p><b>No Silver Bullet</b></p>
<p>Despite improved vulnerability management, the survey reveals that the inability to effectively control user behavior and the shrinking time from vulnerability to exploit are the most significant challenges to combating zero-day threats. As a result, IT managers are trying to gain control through an increasing number of security products and more time spent monitoring and setting policies. Fifty percent of respondents said they have more than 10 agents currently installed to perform security and/or operations tasks. Most respondents (66 percent) said they spend an hour or longer every day monitoring security and IT consoles, administering agents and updating security policies.</p>
<p>“While the overall survey results demonstrate the effectiveness of a sound vulnerability management solution—especially in the most critical situations—they also reveal a glaring need for continuous protection and a more consolidated security approach,” said Patrick Clawson, chairman and CEO of PatchLink. “By acquiring Harris STAT and SecureWave products, we are taking a significant step towards delivering a single platform for unified protection and control of all critical IT assets and data. This approach will reduce the number of agents that our customers have to manage, and enables them to remain completely protected from all malicious exploits – both known and unknown.”</p>
<p><b>Note To Editor</b></p>
<p>Should you wish to set up an interview with Chris Wood, Director, PatchLink ANZ, please contact Sarah on 02 9212 3848 or sarah@kinetics.com.au</p>
<p><b>About PatchLink® Corporation </b></p>
<p>PatchLink, a global leader in vulnerability management solutions, provides the industry’s first comprehensive security platform for unified protection and control of all enterprise servers and endpoints. More than 5,000 organisations around the globe use PatchLink’s positive security model solutions to integrate management and administration, consolidate infrastructure, enforce enterprise-level policies, lower cost of ownership and reduce risk. PatchLink is headquartered in Scottsdale, Arizona and was founded in 1991 by Sean Moshir.</p>
<p>©2007 PatchLink Corporation. All rights reserved. PatchLink, SecureWave, the PatchLink logo, and the PatchLink and Sanctuary product names and logos are either registered trademarks or trademarks of PatchLink Corporation. In addition, other companies’ names and products mentioned in this document, if any, may be either registered trademarks or trademarks of their respective owners.</p>
