TMCnet News
New Kenna Security research shows top factors that make companies faster, more efficient in patching vulnerabilitiesStudy finds companies using the Common Vulnerability Scoring System (CVSS) slower in patching high-risk vulnerabilities SAN FRANCISCO, Aug. 21, 2019 (GLOBE NEWSWIRE) -- Ed Bellis, CTO at Kenna Security News Summary Kenna Security, a leader in predictive cyber risk, today released a new report showing how companies can build faster, more efficient, and more comprehensive cybersecurity programs based on a detailed look at the practices of high-performing companies. The research demonstrates that companies most effectively managing security vulnerabilities report using a patch tool, relying on risk-based prioritization tools, and having multiple, specialized remediation teams that focus on specific sectors of a technology stack. Companies that said they had a mature, well-funded vulnerability management programs were more likely to patch vulnerabilities faster, but that did not necessarily mean the companies patched the riskiest vulnerabilities first. Having adequate security budgets correlated with an ability to patch security threats quickly but did not translate into having a higher capacity to remediate vulnerabilities. Some internal factors tended to reduce performance. Companies that used the Common Vulnerability Scoring System (CVSS) to prioritize vulnerabilities for remediation tended to be slower in patching high-risk vulnerabilities. The companies focused on compliance tended to struggle to patch all high-risk vulnerabilities across their organization. Produced in conjunction with the Cyentia Institute, the fourth volume of Kenna’s Prioritization to Prediction series, uses survey data and standardized metrics to explore how high-performing companies achieve success. The report uses data from the Kenna Security Platform and survey responses to conduct a granular, in-depth analysis of the behavior and associated security outcomes of more than 100 organizations. The research builds on three previous installments of the series, which have analyzed how hundreds of companies have addresses 300 billion vulnerabilities using risk-based remediation practices. The previous installment provided in-depth analysis of remediation practices at major companies, showing that most companies only have, on average, the capacity to remediate one out of every 10 vulnerabilities, and that half of all companies end each day facing more high-risk cybersecurity vulnerabilities than they started with. Supporting Quotes Jay Jacobs, data scientist, co-founder and partner, Cyentia Institute Additional Resources
Cyentia Institute About Kenna Security
|