Security teams are struggling to remediate vulnerabilities

Enterprise security teams are struggling to move beyond simply detecting vulnerabilities to effectively responding to and remediating them.

This is the conclusion reached by specialists at the security company Vulcan Cyber, based on the results of a new study of corporate programs for prioritizing and remediating security threats.

The study found that business leaders and IT managers are limited in their ability to obtain the critical information they need to effectively protect valuable business assets, making vulnerability management programs largely ineffective.

Risk assessment outside the context of the business is useless. Most of the Vulcan Cyber survey participants tend to sort vulnerabilities by infrastructure (64%), business function (53%), and application (53%).

“This is a concern because prioritizing risks based on sorting by infrastructure and applications outside of the context of assets does not make sense. Failure to correlate vulnerability data with real business risk leaves organizations unprotected,” Vulcan Cyber experts say.

The vast majority of decision makers assess and prioritize vulnerabilities according to two or more models: the Common Vulnerability Scoring System (CVSS, 71%), the OWASP Top 10 (59%), vulnerability scanner ratings (47%), the CWE Top 25 (38%) or bespoke models (22%). For meaningful cyber risk management, a customized scoring and prioritization model that takes multiple industry standards into account is the best-suited and most effective approach.

The more control a security team has over the assessment and prioritization of risks, the more effectively it can mitigate them. However, there is still no industry-wide framework for risk-based vulnerability management, which means cyber hygiene remains inadequate and vulnerabilities continue to pose risks.
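To make the argument above concrete, here is an added example (not Vulcan Cyber's model or data) that ranks the same constructed findings two ways: by raw CVSS base score, as a scanner export would, and by a custom score that weights CVSS with business context such as asset criticality, exposure and the data the asset handles. The multipliers, asset names and findings are all assumptions.

```python
"""Toy risk-based prioritization: CVSS severity weighted by business context.

Constructed example; the weights and sample findings are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    finding_id: str
    cvss_base: float            # scanner-reported CVSS base score, 0.0-10.0
    asset: str
    asset_criticality: int      # 1 (lab box) .. 5 (crown jewel), set by the business
    internet_exposed: bool
    handles_sensitive_data: bool
    top_weakness_class: bool    # weakness in the CWE Top 25 / OWASP Top 10 (assumed flag)


def business_risk_score(f: Finding) -> float:
    """Scale severity by asset criticality, then boost for exposure,
    sensitive data and a widely-exploited weakness class.
    The multipliers are illustrative assumptions, not a standard."""
    score = f.cvss_base * (f.asset_criticality / 5)
    if f.internet_exposed:
        score *= 1.5
    if f.handles_sensitive_data:
        score *= 1.3
    if f.top_weakness_class:
        score *= 1.1
    return score


def rank_by_cvss(findings):
    """Plain scanner ordering: highest CVSS first, no asset context."""
    return [f.finding_id for f in sorted(findings, key=lambda f: f.cvss_base, reverse=True)]


def rank_by_business_risk(findings):
    """Context-aware ordering: highest business risk first."""
    return [f.finding_id for f in sorted(findings, key=business_risk_score, reverse=True)]


# Constructed sample findings; IDs, scores and asset names are made up.
SAMPLE = [
    Finding("F1", 9.8, "lab-build-server", 1, False, False, False),
    Finding("F2", 7.5, "customer-db", 5, False, True, True),
    Finding("F3", 6.1, "public-web-frontend", 4, True, True, True),
    Finding("F4", 8.8, "hr-portal-internal", 3, False, True, False),
]

if __name__ == "__main__":
    print("CVSS only:     ", rank_by_cvss(SAMPLE))          # F1 first: the lab box
    print("Business risk: ", rank_by_business_risk(SAMPLE))  # F1 last, customer-db first
```

The critical-severity finding on the throwaway lab server drops from first to last once asset context is applied, which is the correlation the survey says most programs are missing.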

The majority of survey participants (54%) consider leakage of confidential data to be the most serious consequence that application vulnerabilities can lead to. This is followed by broken authentication (44%), security misconfiguration (39%), insufficient logging and monitoring (35%), and injection (32%).

The vulnerability of greatest concern to survey participants is CVE-2014-6324 in Microsoft Windows. Notably, it is feared even more than the more dangerous CVE-2019-0708 (BlueKeep), CVE-2014-0160 (Heartbleed) and the Windows SMB flaw exploited by EternalBlue.

The research was conducted before the disclosure of the Log4Shell vulnerability in the Log4j logging library, so it does not appear in the report. We have, however, reported that the first ransomware exploiting Log4Shell was discovered and that Chinese APTs are interested in the Log4Shell vulnerability.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
