Patch management flubs facilitate cybercrime

[InfoSec News <alerts () infosecnews org>]

http://www.networkworld.com/news/2014/032714-solutionary-280149.html

By Ellen Messmer
Network World
March 27, 2014

Failures in patch management of vulnerable systems have been a key enabler 
of cybercrime, according to the conclusions reached in Solutionary’s 
annual Global Threat Intelligence Report out today, saying it sees botnet 
attacks as the biggest single threat.

The managed security services provider, now part of NTT, compiled a year’s 
worth of scans of customers’ networks gathered through 139,000 network 
devices, such as intrusion-detections systems, firewall and routers, and 
analyzed about 300 million events, along with 3 trillion collected logs 
associated with attacks. Solutionary says it relies on several types of 
vendor products for these scans, including Qualys, Nessus, Saint, Rapid7, 
nCircle and Retina.

Solutionary also looked at the latest exploit kits used by hackers, which 
include exploits from as far back as 2006. Solutionary found that half of 
the vulnerability scans it did on NTT customers last year were first 
identified and assigned CVE numbers between 2004 and 2011.

“That is, half of the exploitable vulnerabilities we identified have been 
publicly known for at least two years, yet they remain open for an 
attacker to find and exploit,” Solutionary said in its Global Threat 
Intelligence Report. “The data indicates many organizations today are 
unaware, lack the capability, or don’t perceive the importance of 
addressing these vulnerabilities in a timely manner.”

[...]

--
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/