Click here to close now.


News Feed Item

Study Reveals 83 Percent of Security Professionals Concerned about Missing Threats between Vulnerability Scans

Tenable Network Security®, Inc., the leader in real-time vulnerability and threat management, today announced the results of a February 2014 commissioned study conducted by Forrester Consulting on behalf of Tenable entitled “Close the Gaps Left by Traditional Vulnerability Management Through Continuous Monitoring.” Surveying top security professionals at leading organizations, the study found that traditional vulnerability management solutions are unnecessarily exposing most to security threats that could be mitigated through continuous monitoring (CM).

Continuous Monitoring Plugs the Gaps

Continuous monitoring, whose roots lie with the U.S. government, addresses many of the challenges faced by traditional vulnerability management solutions and offers CISOs and security leaders across sectors a near real-time view into the security posture of their respective institutions. The survey found that organizations that implemented continuous monitoring are more than twice as likely to be satisfied with their vulnerability management approach compared to those who use periodic scanning. Additionally, Forrester asked the 45 percent of respondents who had adopted CM to explain the benefits. They said that continuous monitoring:

  • Benefits all stages of vulnerability management
  • Benefits all verticals
  • Better equips organizations to deal with a mobile workforce
  • Benefits those with a risk focused VM program the most
  • Satisfies the CISO more than any other role

The Threat Landscape Overwhelms Traditional Vulnerability Management

Consumerization, mobility, and cloud are the hallmarks of the extended enterprise, and periodic snapshot vulnerability scanning cannot effectively address the dynamic nature of today’s extended enterprise environments. While this has catapulted vulnerability management as one of the top concerns for organizations – 86 percent of respondents rate it as their second highest IT security priority for the next 12 months – they remain concerned with effectively lowering their organization’s risk of compromise. Specifically, organizations struggle to establish effective vulnerability management practices, leaving them exposed to attacks. The study found that:

  • Nearly 74 percent of the surveyed respondents experienced challenges with their overall VM program
  • 79 percent claimed they were more likely to miss critical vulnerabilities due to insufficient data to narrow down appropriate endpoints for scanning
  • 70 percent scan monthly or less

“The survey shows that although organizations use periodic vulnerability scans, it’s simply not enough,” explained Ron Gula, CEO and CTO of Tenable Network Security. “In today’s environment of mobile, cloud and BYOD, the extended enterprise poses particular challenges, and organizations are finding it difficult to make traditional vulnerability management work for them. The need for security that covers 100 percent of assets all the time has never been more apparent than with the recent series of successful breaches.”

Organizations Struggle to Establish Effective Vulnerability Management Practices

Maintaining a consistent and effective vulnerability management workflow emerged as a major concern with 77 percent of respondents having concerns about accurate asset discovery. The explosion of transient endpoints compounds the difficulties of discovering all an organization’s assets and greatly increases the likelihood of an effective breach if unknown assets are not identified and assessed properly. Furthermore, 66 percent stated they were not confident in conducting proper vulnerability remediation. Once scans returned the data, they did not feel they had a clear picture of the risks in order to accurately prioritize and take action.

“Periodic vulnerability scans have failed the modern-day CISO,” said Gula. “Breaches are still occurring at an alarming rate, and the threat landscape is ever-evolving. The goal for any CISO is to remain ahead of the threat curve, and the only way to do this is through adopting a continuous monitoring platform. This enables users to rapidly deploy patches to shut down these threats in hours, not months so that dangerous windows of opportunity get shut before business-critical data is compromised.”

Webinar on Findings

To learn more about the February 2014 commissioned study conducted by Forrester Consulting on behalf of Tenable entitled “Close the Gaps Left by Traditional Vulnerability Management Through Continuous Monitoring,” join Ron Gula, CEO of Tenable Network Security, and guest Rick Holland, principal analyst with Forrester Research. Inc. on Wednesday, February 19, at 11:00 a.m. PST / 2:00 p.m. EST. For more information on the webinar and to register, please click here.

The Forrester Consulting Study sponsored by Tenable Network Security is available at:

About Tenable Network Security

Tenable Network Security is relied upon by more than 20,000 organizations, including the entire U.S. Department of Defense and many of the world’s largest companies and governments, to stay ahead of emerging vulnerabilities, threats and compliance-related risks. Its solutions continue to set the standard to identify vulnerabilities, prevent attacks and comply with a multitude of regulatory requirements. For more information, please visit

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
In recent years, at least 40% of companies using cloud applications have experienced data loss. One of the best prevention against cloud data loss is backing up your cloud data. In his General Session at 17th Cloud Expo, Sam McIntyre, Partner Enablement Specialist at eFolder, presented how organizations can use eFolder Cloudfinder to automate backups of cloud application data. He also demonstrated how easy it is to search and restore cloud application data using Cloudfinder.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York and Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty ...
Internet of @ThingsExpo, taking place June 7-9, 2016 at Javits Center, New York City and Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 18th International @CloudExpo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo New York Call for Papers is now open.
The cloud. Like a comic book superhero, there seems to be no problem it can’t fix or cost it can’t slash. Yet making the transition is not always easy and production environments are still largely on premise. Taking some practical and sensible steps to reduce risk can also help provide a basis for a successful cloud transition. A plethora of surveys from the likes of IDG and Gartner show that more than 70 percent of enterprises have deployed at least one or more cloud application or workload. Y...
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, San...
As organizations shift towards IT-as-a-service models, the need for managing & protecting data residing across physical, virtual, and now cloud environments grows with it. CommVault can ensure protection & E-Discovery of your data - whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise.
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
In his General Session at DevOps Summit, Asaf Yigal, Co-Founder & VP of Product at, explored the value of Kibana 4 for log analysis and provided a hands-on tutorial on how to set up Kibana 4 and get the most out of Apache log files. He examined three use cases: IT operations, business intelligence, and security and compliance. Asaf Yigal is co-founder and VP of Product at log analytics software company In the past, he was co-founder of social-trading platform Currensee, which...
There are over 120 breakout sessions in all, with Keynotes, General Sessions, and Power Panels adding to three days of incredibly rich presentations and content. Join @ThingsExpo conference chair Roger Strukhoff (@IoT2040), June 7-9, 2016 in New York City, for three days of intense 'Internet of Things' discussion and focus, including Big Data's indespensable role in IoT, Smart Grids and Industrial Internet of Things, Wearables and Consumer IoT, as well as (new) IoT's use in Vertical Markets.
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi’s VP Business Development and Engineering, explored the IoT cloud-based platform technologies driving t...
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data...
We all know that data growth is exploding and storage budgets are shrinking. Instead of showing you charts on about how much data there is, in his General Session at 17th Cloud Expo, Scott Cleland, Senior Director of Product Marketing at HGST, showed how to capture all of your data in one place. After you have your data under control, you can then analyze it in one place, saving time and resources.
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...