The Critical Need to Patch Vulnerabilities ASAP
Security leaders struggle to implement vendor-supplied patches, but virtual patching can help prevent both lost revenue and lost user productivity.
Dwell time is the total time in days from the attack compromise to defender detection. Median attacker dwell time for data breaches between 2014 and 2016 was 38 days.
It took defenders 5 to 6 weeks or less to detect half of successful data breaches. In the other half, detection took as long as four years.
A Monte Carlo analysis found that the business impact of a breach is greatest at the beginning of the exploit. Faster detection and response time reduce the impact. Responding twice as fast can lower the business impact by 30%.
The study found that being twice as fast at threat detection and incident response lowers the business impact of an attack by 70%.
Considering the time, cost and complexity of a vendor patching approach to databases and applications, 220 to 660 vendor patches per year with a median value of 410 are needed. This equals 910 hours annually of disruption to databases and applications.
The business impact of disruption on revenue and productivity on a traditional vendor patching approach is between 1% and 8% of annual revenue, with a median of 4%.
Sometimes known as external patching or vulnerability shielding, virtual patching provides a window of vulnerability that is substantially shorter than the vendor patching approach.
Virtual patching was found to minimize the two biggest contributors to the total annual business impact of patching: lost revenue and lost user productivity.
To recapture the advantage of time in the face of cyber-security risk, focus on capabilities designed to:
Reduce the likelihood and business impact of attacks, while. shortening detection and response times.
Maintain the productivity of users.
Increase the productivity of defenders.