The Critical Need to Patch Vulnerabilities ASAP
-
The Critical Need to Patch Vulnerabilities ASAP
Security leaders struggle to implement vendor-supplied patches, but virtual patching can help prevent both lost revenue and lost user productivity. -
Dwell Times
Dwell time is the total time in days from the attack compromise to defender detection. Median attacker dwell time for data breaches between 2014 and 2016 was 38 days. -
Time-to-Breach Detection
It took defenders 5 to 6 weeks or less to detect half of successful data breaches. In the other half, detection took as long as four years. -
Time Lag's Effect on Risk
A Monte Carlo analysis found that the business impact of a breach is greatest at the beginning of the exploit. Faster detection and response time reduce the impact. Responding twice as fast can lower the business impact by 30%. -
Incident Detection and Response
The study found that being twice as fast at threat detection and incident response lowers the business impact of an attack by 70%. -
Time, Cost and Complexity
Considering the time, cost and complexity of a vendor patching approach to databases and applications, 220 to 660 vendor patches per year with a median value of 410 are needed. This equals 910 hours annually of disruption to databases and applications. -
Impact on Revenue and Productivity
The business impact of disruption on revenue and productivity on a traditional vendor patching approach is between 1% and 8% of annual revenue, with a median of 4%. -
Value of Virtual Patching
Sometimes known as external patching or vulnerability shielding, virtual patching provides a window of vulnerability that is substantially shorter than the vendor patching approach. -
Virtual Patching Minimizes Impact
Virtual patching was found to minimize the two biggest contributors to the total annual business impact of patching: lost revenue and lost user productivity. -
Recommendations
To recapture the advantage of time in the face of cyber-security risk, focus on capabilities designed to: Reduce the likelihood and business impact of attacks, while. shortening detection and response times. Maintain the productivity of users. Increase the productivity of defenders.
A new report claims that by the time a vulnerability is disclosed, 80 percent of exploits already exist, but only 70 percent of vendor-provided patches are available. The analysis, conducted by the Aberdeen Group, is based on data provided by Verizon and was commissioned by McAfee. Titled "Cyber-Security: For Defenders, It's About Time," the report states that the business impact from data breaches is the greatest at the beginning, when records are first compromised. "That's logical, since attackers want to get in and out with the goods (or data) in as little time as possible," the report states. "Most responders are closing the barn door well after the horse is gone, when most of the damage has already been done." The business impact from sustained disruption, however continues to grow from the time of compromise to the time of remediation. The time to detection, therefore remains the top challenge for defenders responding to cyber-attacks, putting enterprises at risk. The report sample includes 1,300 data breaches investigated between 2014 and 2016. Half of detections took up to 38 days, with a mean average of 210 days, though this was skewed by some incidents taking as long as four years.