Information Security News
mailing list archives
Patch management flubs facilitate cybercrime
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 28 Mar 2014 06:44:52 +0000 (UTC)
By Ellen Messmer
March 27, 2014
Failures in patch management of vulnerable systems have been a key enabler
of cybercrime, according to the conclusions reached in Solutionary’s
annual Global Threat Intelligence Report, out today, which says the company
sees botnet attacks as the biggest single threat.
The managed security services provider, now part of NTT, compiled a year’s
worth of scans of customers’ networks gathered through 139,000 network
devices, such as intrusion-detection systems, firewalls and routers, and
analyzed about 300 million events, along with 3 trillion collected logs
associated with attacks. Solutionary says it relies on several types of
vendor products for these scans, including Qualys, Nessus, Saint, Rapid7,
nCircle and Retina.
Solutionary also looked at the latest exploit kits used by hackers, which
include exploits from as far back as 2006. Solutionary found that half of
the vulnerabilities found in the scans it did on NTT customers last year
were first identified and assigned CVE numbers between 2004 and 2011.
“That is, half of the exploitable vulnerabilities we identified have been
publicly known for at least two years, yet they remain open for an
attacker to find and exploit,” Solutionary said in its Global Threat
Intelligence Report. “The data indicates many organizations today are
unaware, lack the capability, or don’t perceive the importance of
addressing these vulnerabilities in a timely manner.”