Welcome!

News Feed Item

Study Reveals 83 Percent of Security Professionals Concerned about Missing Threats between Vulnerability Scans

Tenable Network Security®, Inc., the leader in real-time vulnerability and threat management, today announced the results of a February 2014 commissioned study conducted by Forrester Consulting on behalf of Tenable entitled “Close the Gaps Left by Traditional Vulnerability Management Through Continuous Monitoring.” Surveying top security professionals at leading organizations, the study found that traditional vulnerability management solutions are unnecessarily exposing most to security threats that could be mitigated through continuous monitoring (CM).

Continuous Monitoring Plugs the Gaps

Continuous monitoring, whose roots lie with the U.S. government, addresses many of the challenges faced by traditional vulnerability management solutions and offers CISOs and security leaders across sectors a near real-time view into the security posture of their respective institutions. The survey found that organizations that implemented continuous monitoring are more than twice as likely to be satisfied with their vulnerability management approach compared to those who use periodic scanning. Additionally, Forrester asked the 45 percent of respondents who had adopted CM to explain the benefits. They said that continuous monitoring:

  • Benefits all stages of vulnerability management
  • Benefits all verticals
  • Better equips organizations to deal with a mobile workforce
  • Benefits those with a risk focused VM program the most
  • Satisfies the CISO more than any other role

The Threat Landscape Overwhelms Traditional Vulnerability Management

Consumerization, mobility, and cloud are the hallmarks of the extended enterprise, and periodic snapshot vulnerability scanning cannot effectively address the dynamic nature of today’s extended enterprise environments. While this has catapulted vulnerability management as one of the top concerns for organizations – 86 percent of respondents rate it as their second highest IT security priority for the next 12 months – they remain concerned with effectively lowering their organization’s risk of compromise. Specifically, organizations struggle to establish effective vulnerability management practices, leaving them exposed to attacks. The study found that:

  • Nearly 74 percent of the surveyed respondents experienced challenges with their overall VM program
  • 79 percent claimed they were more likely to miss critical vulnerabilities due to insufficient data to narrow down appropriate endpoints for scanning
  • 70 percent scan monthly or less

“The survey shows that although organizations use periodic vulnerability scans, it’s simply not enough,” explained Ron Gula, CEO and CTO of Tenable Network Security. “In today’s environment of mobile, cloud and BYOD, the extended enterprise poses particular challenges, and organizations are finding it difficult to make traditional vulnerability management work for them. The need for security that covers 100 percent of assets all the time has never been more apparent than with the recent series of successful breaches.”

Organizations Struggle to Establish Effective Vulnerability Management Practices

Maintaining a consistent and effective vulnerability management workflow emerged as a major concern with 77 percent of respondents having concerns about accurate asset discovery. The explosion of transient endpoints compounds the difficulties of discovering all an organization’s assets and greatly increases the likelihood of an effective breach if unknown assets are not identified and assessed properly. Furthermore, 66 percent stated they were not confident in conducting proper vulnerability remediation. Once scans returned the data, they did not feel they had a clear picture of the risks in order to accurately prioritize and take action.

“Periodic vulnerability scans have failed the modern-day CISO,” said Gula. “Breaches are still occurring at an alarming rate, and the threat landscape is ever-evolving. The goal for any CISO is to remain ahead of the threat curve, and the only way to do this is through adopting a continuous monitoring platform. This enables users to rapidly deploy patches to shut down these threats in hours, not months so that dangerous windows of opportunity get shut before business-critical data is compromised.”

Webinar on Findings

To learn more about the February 2014 commissioned study conducted by Forrester Consulting on behalf of Tenable entitled “Close the Gaps Left by Traditional Vulnerability Management Through Continuous Monitoring,” join Ron Gula, CEO of Tenable Network Security, and guest Rick Holland, principal analyst with Forrester Research. Inc. on Wednesday, February 19, at 11:00 a.m. PST / 2:00 p.m. EST. For more information on the webinar and to register, please click here.

The Forrester Consulting Study sponsored by Tenable Network Security is available at: http://www.tenable.com/whitepapers/forrester-cm.

About Tenable Network Security

Tenable Network Security is relied upon by more than 20,000 organizations, including the entire U.S. Department of Defense and many of the world’s largest companies and governments, to stay ahead of emerging vulnerabilities, threats and compliance-related risks. Its solutions continue to set the standard to identify vulnerabilities, prevent attacks and comply with a multitude of regulatory requirements. For more information, please visit www.tenable.com.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, will posit that disruption is inevitable for c...
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
Providing the needed data for application development and testing is a huge headache for most organizations. The problems are often the same across companies - speed, quality, cost, and control. Provisioning data can take days or weeks, every time a refresh is required. Using dummy data leads to quality problems. Creating physical copies of large data sets and sending them to distributed teams of developers eats up expensive storage and bandwidth resources. And, all of these copies proliferating...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore t...
In recent years, containers have taken the world by storm. Companies of all sizes and industries have realized the massive benefits of containers, such as unprecedented mobility, higher hardware utilization, and increased flexibility and agility; however, many containers today are non-persistent. Containers without persistence miss out on many benefits, and in many cases simply pass the responsibility of persistence onto other infrastructure, adding additional complexity.
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Pentaho has announced orchestration capabilities that streamline the entire machine learning workflow and enable teams of data scientists, engineers and analysts to train, tune, test and deploy predictive models. Pentaho’s Data Integration and analytics platform ends the ‘gridlock’ associated with machine learning by enabling smooth team collaboration, maximizing limited data science resources and putting predictive models to work on big data faster – regardless of use case, industry, or languag...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that Addteq will exhibit at SYS-CON's DevOps Summit at Cloud Expo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Addteq specializes in creating innovative solutions to solve business processes through the use of DevOps automation. Addteq was founded on the firm belief that automation is essential for successful software releases. Addteq's products and services are centered around the fundamental approach of understanding the pr...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...