Vulnerability Identification is Easier Than Remediation

Detection is simply not enough in today's threat landscape of sophisticated attacks; organizations need to focus on improving threat prioritization, says a report

The research conducted by the NopSec Labs finds following insights...

Remediation challenges are creating major security risks: While rapid vulnerability detection is at an all-time high, it still takes the typical organization too long to address known security issues. The average time it takes to remediate a security vulnerability is 103 days. In fact, while cloud providers remediate fastest (50 days), followed closely by healthcare organizations (97 days), financial services companies and education organizations take a shocking 176 days to take corrective action. That means they are potentially exposing themselves to data breaches for almost six months. Even worse, nearly a third (32 percent) of security vulnerabilities take more than a year to fix in the financial industry.

Cloud providers' IT assets are most exposed to attack: The average number of security vulnerabilities per asset varies dramatically across industries, with cloud providers facing more than all other industries combined. Cloud providers average 18 vulnerabilities per asset; this is in stark contrast to the six vulnerabilities per asset in financial services and the number faced by the healthcare (three) and education (two) sectors. Despite the risk of exposure, cloud providers rank as the most progressive industry in terms of the remediation of known security issues -- closing 90 percent of identified vulnerabilities in less than 30 days.

No network is safe: Security vulnerabilities in applications are remediated nine times faster than network vulnerabilities. While application vulnerabilities are fixed within three weeks on average (20 days), network vulnerabilities are left unaddressed for a staggering 182 days. 

Apple is not immune: Microsoft and Apple dominate the vulnerability chart, with Linux operating systems trailing behind the two giants. In addition, Adobe, Apple, Microsoft, Mozilla and Oracle face the most severe vulnerabilities.


Add new comment