Getting Real About Remediation

In an ideal world, security teams would patch every vulnerability as soon as it was discovered. But that isn’t possible. There are more vulnerabilities than there are people, tools, and processes to fix them. Effective vulnerability management comes down to the ability to prioritize which threats present the most danger, and tackling those first.

Prioritization to Prediction: Getting Real About Remediation provides a rare window into the strategies of real companies tackling today’s cybersecurity challenges. The report compares the efforts of these companies, and begins to show how variations in vulnerability management strategies really do matter. A real, measurable improvement can be gained by making smarter remediation decisions, surpassing those of other commonly-used remediation strategies.

KEY FINDING

About one-third of all the published CVEs are ever seen in a live environment.

In fact, just 5% of published CVEs have known exploits developed against them and are observed in enterprise environments. Even that relatively small percentage of CVEs left a relatively large attack surface – over 544 million vulnerabilities with a known exploit were observed in this study. While this might seem like a large number, compared to the over three billion vulnerabilities observed in this study, this finding reinforces the need for organizations to prioritize remediation efforts.

KEY FINDING

Just one-third of vulnerabilities were remediated within 30 days of discovery, but that’s OK.

With Kenna’s predictive model, organizations can identify and focus on the riskiest vulnerabilities, improving operational efficiency and security. Despite the seemingly countless number of vulnerabilities in any organization’s environment, vulnerability management programs do matter and measurable improvements can be gained by making smarter remediation decisions.

Click here to visit Kenna Security and get a copy of this free report.