Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

New Report Reveals Common Enterprise Cyber Security Remediation Strategies Are About as Effective as Random Chance

New Report Reveals Common Enterprise Cyber Security Remediation Strategies Are About as Effective as Random Chance

Kenna Security and Cyentia Institute Research Report Assesses the Effectiveness, Efficiency and Effort of Today’s Enterprise Remediation Strategies 

 Karim Toubba, CEO, Kenna Security 

“Effective remediation depends on quickly determining which vulnerabilities warrant action and which of those have highest priority, but prioritization remains one of the biggest challenges in vulnerability management. Businesses can no longer afford to react to cyber threats, as the research shows that most common vulnerability remediation strategies are about as effective as rolling dice. But there is hope – a predictive model based on cutting-edge data science is more efficient, requires less effort, and provides better coverage of an enterprises’ attack surface.”

 News Summary

Kenna Security, a leader in predictive cyber risk, today unveiled a new research report it conducted in partnership with the Cyentia Institute that provides an industry-first analysis of today’s common vulnerability management strategies. The research report, Prioritization to Prediction: Analyzing Vulnerability Remediation Strategiesincludes deep insights into vulnerability lifecycles, the key factors that influence the remediation and prevention of vulnerabilities, and the effectiveness of various vulnerability remediation strategies used to prioritize enterprise cyber security efforts.

Kenna Security and Cyentia Institute analyzed five years of historical vulnerability data compiled from over 15 sources to uncover the key findings in the report:

  • The Volume and Velocity of Vulnerabilities Is Rapidly Increasing: In 2017, businesses had to decide how to address an average of 40 new vulnerabilities every single day (including weekends). 2017 saw the highest number of year-over-year entries in the database, more than doubling the entries in 2016, and 2018 is trending to match or exceed those numbers.
  • Most Reported Vulnerabilities Aren’t Used by Hackers: Businesses need to find the needle in an ever-growing haystack, the vulnerabilities that pose the greatest risk. Out of the thousands of new vulnerabilities published every year, the vast majority (77 percent) never have exploits developed, and even fewer (less than 2 percent) are actively used in an attack.
  • Speed Must Be a Priority: The greatest number of exploits are published in the first months after a vulnerability is released and 50 percent of exploits publish within two weeks of a new vulnerability, meaning that businesses realistically only have 10 working days to find and fix the riskiest vulnerabilities.
  • Don’t Leave Remediation Efforts to Chance: Most current approaches to prioritizing and fixing vulnerabilities are roughly as effective or far less effective than addressing vulnerabilities at random. Researchers compared 15 different remediation strategies against a strategy of fixing vulnerabilities at random to provide a point of reference that illustrates the effectiveness of each strategy. More than half of the strategies were no more effective than chance
  • A Predictive Approach to Vulnerability Prioritization: Researchers then analyzed the effectiveness of Kenna’s machine learning-based predictive model and found that it performs 2-8 times more efficiently, with equivalent or better coverage of vulnerabilities when compared against the 15 strategies assessed in the research.

Supporting Quotes

Jay Jacobs, data scientist, co-founder and partner, Cyentia Institute

“Cyentia is committed to delivering data-driven research to help the practitioners and decision-makers responsible for protecting an enterprise’s assets, which average 18-24 million vulnerabilities across 60,000 assets. Partnering with leading cybersecurity industry vendors like Kenna Security to track published exploits and actively exploited vulnerabilities enables us to measure, compare and explore various prioritization methods and advance the art and science of vulnerability management.”

Jon Oltsik, senior principal analyst, Enterprise Strategy Group (ESG)

“In the past, we used analog tuning to define which systems were considered mission-critical, but this didn’t provide a level of useful granularity. Fast forward to 2018, and risk-based intelligent vulnerability management platforms, including Kenna, can now consume terabytes of configuration data, asset data, vulnerability data, and threat intelligence to create a fine-grained analysis of which systems really need immediate patching against current threats.  Now these systems are moving beyond real-time assessments by forecasting weaponization and risk well before an attack is possible.  This proactive approach can provide insight and help organizations anticipate attacker behavior.”

Additional Resources

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post