The never-ending struggle to eliminate organizational risk is a multi-faceted challenge that requires deep insights grounded in data. Building on our body of research, Kenna Security and the Cyentia Institute have led the charge in applying data science to the vulnerability landscape in an effort to guide better technology, strategies, and decision making.
Prioritization to Prediction, Volume 5: In Search of Assets at Risk applies this approach to the various devices and underlying software that comprise the modern enterprise IT infrastructure, revealing for the first time how vulnerable device categories are and how successful vendor and enterprise remediation efforts are in practice.
The typical organization manages vulnerabilities across about 800 active assets, but 10% manage over 35,000. The full range of assets per firm extends from fewer than 10 to over 1M.
Windows dominates business, and enterprises are fast at fixing its vulnerabilities, remediating half of all Windows vulnerabilities in 36 days. But the average Windows platform has 119 vulnerabilities detected in any given month, and 70% of Windows systems have at least 1 open vulnerability with known exploits.
Microsoft also has the highest percentage of closed high-risk vulnerabilities at 83%, followed closely by Apple OSX, with Linux/Unix and network appliances/IoT devices lagging behind.
Vendor-led automated patching and update programs have a major positive impact on remediation velocity, capacity, and overall performance. Microsoft is leading the charge here, essentially multiplying the security and IT workforce of organizations leveraging these programs.
In a world where a single high-risk vulnerability can have catastrophic consequences, effective patch prioritization and speed are the keys to security regardless of the type of device or software it sits on. Success requires us all to carefully consider all aspects of the risk equation.
To learn more, please download the full report.
Prioritization to Prediction, Volume 5: In Search of Assets at Risk looks at vulnerabilities through the lens of devices to help enterprises better understand their exposure and make data-driven decisions that can meaningfully increase the security of their technology infrastructure.