A recent report released by the managed security services provider Solutionary shows that “failures in patch management of vulnerable systems have been a key enabler of cybercrime”, according to an article published by Network World. The article indicates that the firm has concluded that “botnet attacks” are the “biggest single threat” against organizations, according to its annual Global Threat Intelligence Report.
Solutionary compiled a large amount of data for its report, which, according to the article, included a “year’s worth of scans of customers’ networks gathered through 139,000 network devices, such as intrusion-detections systems, firewall and routers, and analyzed about 300 million events” and a total collection of “3 trillion logs” related to these types of attacks. The article indicates that “Qualys, Nessus, Saint, Rapid7, nCircle and Retina” are some of the products Solutionary uses to generate these scans. The firm also investigated “the latest exploit kits used by hackers”, which included “exploits from as far back as 2006”, according to the article.
One statement from Solutionary’s Global Threat Intelligence Report was quoted in the article: “Half of the exploitable vulnerabilities we identified have been publicly known for at least two years, yet they remain open for an attacker to find and exploit. The data indicates many organizations today are unaware, lack the capability, or don’t perceive the importance of addressing these vulnerabilities in a timely manner.” The firm found through its data collection that it often “took an organization up to 200 days to bring things up to snuff in terms of remediation and patch management”, which resulted in these issues later on, according to Network World. Don Gray, Chief Security Strategist at Solutionary, was quoted in the article as saying, “There’s kind of a ‘throw it over the wall’ mentality.”
Read more about the Solutionary report in the full article and learn what concerns have been raised during the process.