Security leaders struggle to implement vendor-supplied patches, but virtual patching can help prevent both lost revenue and lost user productivity.
A new report claims that by the time a vulnerability is disclosed, 80 percent of exploits already exist, but only 70 percent of vendor-provided patches are available. The analysis, conducted by the Aberdeen Group, is based on data provided by Verizon and was commissioned by McAfee. Titled » Cyber-Security: For Defenders, It’s About Time, » the report states that the business impact from data breaches is the greatest at the beginning, when records are first compromised. « That’s logical, since attackers want to get in and out with the goods (or data) in as little time as possible, » the report states. « Most responders are closing the barn door well after the horse is gone, when most of the damage has already been done. » The business impact from sustained disruption, however continues to grow from the time of compromise to the time of remediation. The time to detection, therefore remains the top challenge for defenders responding to cyber-attacks, putting enterprises at risk. The report sample includes 1,300 data breaches investigated between 2014 and 2016. Half of detections took up to 38 days, with a mean average of 210 days, though this was skewed by some incidents taking as long as four years.