IT departments struggle with vulnerability management
A new survey of IT professionals revealed that new regulatory compliance requirements – for implementing satisfactory technology solutions to address security vulnerabilities, data leakage and compliance – remain difficult for enterprise organizations to effectively achieve.
Shavlik Technologies announced results of its comprehensive survey of IT and security specialists conducted at both the RSA Conference 2008 and Infosecurity Europe 2008 events last month. The survey of 491 combined conference delegates from Europe and the U.S. identified their top security priorities and what solutions they may have implemented to manage the vulnerabilities that threaten their organizations.
According to the survey results, the top three priorities were: Data Protection / Leakage Prevention – 53.2 percent; Internal Network Security – 51.8 percent; and Policy and Regulatory Concerns – 43.8 percent. Other significant priorities were patch management – 38.6 percent and the security of virtualized machines – 32.6 percent.
Delegates were also asked about the solutions implemented for audit preparation and patch management and whether they were satisfied with them. For audit preparation, only 60.8 percent indicated that they were satisfied or highly satisfied which suggests that there are a significant proportion of organizations unhappy with their current solutions. Respondents were equally unhappy with patch management solutions with 40 percent reporting they were unsatisfied with their current technology solution.
Three quarters of respondents, 75.7 percent, confirmed they were either concerned or highly concerned over compliance with specific mandates such as PCI DSS, ISO 27002, or Sarbanes Oxley. They identified a broad range of solutions to manage the audit process—a total of 123, ranging from “home grown” to “a lot of systems” from various vendors.
Many respondents indicated they continued with manual processes for elements of their patch management process, even though more than 115 different solutions for patch management were identified in the surveys.