Kenna Security is now part of Cisco

|Learn more

Podcast: Closing the Remediation Gap

Nov 30, 2015
Greg Howard

Share with Your Network

Our lead data scientist Michael Roytman just participated in a fun podcast called Cybercrime & Business, in which he discusses one of the biggest challenges around vulnerability management: the time it takes organizations to remediate vulnerabilities, or the remediation gap.

Michael talks about his research and how even “conservative” estimates found that the window of opportunity for many exploits remains significant:

  • On average, it takes businesses 100-120 days to remediate vulnerabilities.
  • At 40-60 days, the probability of a vulnerability being exploited reaches over 90 percent – indicating that most successfully exploited vulnerabilities are likely to be exploited in the first 60 days. The gap between being likely exploited and closing a vulnerability is around 60 days.
  • As of August 1, 2015, there have been a total of 1,272,152,215 successful exploits this year from a sample size of approximately 50,000 organizations. This is compared to 219,951,631 exploits in 2013 and 2014 combined.

“The gap that we’re looking at is getting much bigger, and I think that is happening because attackers are getting really, really good at automated attacks,” Michael points out.

The full podcast is here (Michael’s section starts around 15:30):

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.