NopSec, a leading risk-based vulnerability management platform, has released findings from their State of Vulnerability Management report.
The report surveyed 426 security professionals to better understand organizational vulnerability management and gain some insights into their day-to-day challenges, frustrations, and priorities.
Unremediated vulnerabilities are open doors that let malicious actors walk right through. Today, security teams are challenged enough by finding and shutting those open doors to keep their organization safe. Keeping track of those vulnerabilities and responding quickly and efficiently is one challenge—finding openings they might not even know about is another.
ITechnology Cloud News: RangeForce Introduces New Version of Cloud-based Security Team Readiness Threat Exercises
“The future of vulnerability management is risk-based. Yet I often see that, without a risk-based approach to prioritizing the ever-growing list of vulnerabilities, organizations leave themselves exposed,” said Lisa Xu, CEO of NopSec. “What this report found is that some organizations have effective ways to detect, respond to, and remediate their vulnerabilities, while other organizations have more blind spots than they think. I hope these insights will be helpful to security leaders as they evaluate and strengthen their vulnerability management program.”
Key findings include:
- 70% say their vulnerability management program (VMP) is only somewhat effective or worse.
- 34% responded that their VMP was not very effective at all.
- 53% of respondents said their organization does not consume third-party threat intel, like penetration tests, vulnerability disclosures, and IP or domain reputation scores.
- 58% also do not use a risk-based rating system to prioritize vulnerabilities.
- 62% of companies take 48 hours or longer to remediate vulnerabilities —some more than two weeks—to patch known critical vulnerabilities.
- 58% of companies that track the volume of vulnerabilities have seen them double, triple, or quadruple over the past 12 months.
[To share your insights with us, please write to email@example.com]