Welcome!

News Feed Item

Study Reveals 83 Percent of Security Professionals Concerned about Missing Threats between Vulnerability Scans

Tenable Network Security®, Inc., the leader in real-time vulnerability and threat management, today announced the results of a February 2014 commissioned study conducted by Forrester Consulting on behalf of Tenable entitled “Close the Gaps Left by Traditional Vulnerability Management Through Continuous Monitoring.” Surveying top security professionals at leading organizations, the study found that traditional vulnerability management solutions are unnecessarily exposing most to security threats that could be mitigated through continuous monitoring (CM).

Continuous Monitoring Plugs the Gaps

Continuous monitoring, whose roots lie with the U.S. government, addresses many of the challenges faced by traditional vulnerability management solutions and offers CISOs and security leaders across sectors a near real-time view into the security posture of their respective institutions. The survey found that organizations that implemented continuous monitoring are more than twice as likely to be satisfied with their vulnerability management approach compared to those who use periodic scanning. Additionally, Forrester asked the 45 percent of respondents who had adopted CM to explain the benefits. They said that continuous monitoring:

  • Benefits all stages of vulnerability management
  • Benefits all verticals
  • Better equips organizations to deal with a mobile workforce
  • Benefits those with a risk focused VM program the most
  • Satisfies the CISO more than any other role

The Threat Landscape Overwhelms Traditional Vulnerability Management

Consumerization, mobility, and cloud are the hallmarks of the extended enterprise, and periodic snapshot vulnerability scanning cannot effectively address the dynamic nature of today’s extended enterprise environments. While this has catapulted vulnerability management as one of the top concerns for organizations – 86 percent of respondents rate it as their second highest IT security priority for the next 12 months – they remain concerned with effectively lowering their organization’s risk of compromise. Specifically, organizations struggle to establish effective vulnerability management practices, leaving them exposed to attacks. The study found that:

  • Nearly 74 percent of the surveyed respondents experienced challenges with their overall VM program
  • 79 percent claimed they were more likely to miss critical vulnerabilities due to insufficient data to narrow down appropriate endpoints for scanning
  • 70 percent scan monthly or less

“The survey shows that although organizations use periodic vulnerability scans, it’s simply not enough,” explained Ron Gula, CEO and CTO of Tenable Network Security. “In today’s environment of mobile, cloud and BYOD, the extended enterprise poses particular challenges, and organizations are finding it difficult to make traditional vulnerability management work for them. The need for security that covers 100 percent of assets all the time has never been more apparent than with the recent series of successful breaches.”

Organizations Struggle to Establish Effective Vulnerability Management Practices

Maintaining a consistent and effective vulnerability management workflow emerged as a major concern with 77 percent of respondents having concerns about accurate asset discovery. The explosion of transient endpoints compounds the difficulties of discovering all an organization’s assets and greatly increases the likelihood of an effective breach if unknown assets are not identified and assessed properly. Furthermore, 66 percent stated they were not confident in conducting proper vulnerability remediation. Once scans returned the data, they did not feel they had a clear picture of the risks in order to accurately prioritize and take action.

“Periodic vulnerability scans have failed the modern-day CISO,” said Gula. “Breaches are still occurring at an alarming rate, and the threat landscape is ever-evolving. The goal for any CISO is to remain ahead of the threat curve, and the only way to do this is through adopting a continuous monitoring platform. This enables users to rapidly deploy patches to shut down these threats in hours, not months so that dangerous windows of opportunity get shut before business-critical data is compromised.”

Webinar on Findings

To learn more about the February 2014 commissioned study conducted by Forrester Consulting on behalf of Tenable entitled “Close the Gaps Left by Traditional Vulnerability Management Through Continuous Monitoring,” join Ron Gula, CEO of Tenable Network Security, and guest Rick Holland, principal analyst with Forrester Research. Inc. on Wednesday, February 19, at 11:00 a.m. PST / 2:00 p.m. EST. For more information on the webinar and to register, please click here.

The Forrester Consulting Study sponsored by Tenable Network Security is available at: http://www.tenable.com/whitepapers/forrester-cm.

About Tenable Network Security

Tenable Network Security is relied upon by more than 20,000 organizations, including the entire U.S. Department of Defense and many of the world’s largest companies and governments, to stay ahead of emerging vulnerabilities, threats and compliance-related risks. Its solutions continue to set the standard to identify vulnerabilities, prevent attacks and comply with a multitude of regulatory requirements. For more information, please visit www.tenable.com.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
CenturyLink has announced that application server solutions from GENBAND are now available as part of CenturyLink’s Networx contracts. The General Services Administration (GSA)’s Networx program includes the largest telecommunications contract vehicles ever awarded by the federal government. CenturyLink recently secured an extension through spring 2020 of its offerings available to federal government agencies via GSA’s Networx Universal and Enterprise contracts. GENBAND’s EXPERiUS™ Application...
"We provide DevOps solutions. We also partner with some key players in the DevOps space and we use the technology that we partner with to engineer custom solutions for different organizations," stated Himanshu Chhetri, CTO of Addteq, in this SYS-CON.tv interview at DevOps at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Much of IT terminology is often misused and misapplied. Modernization and transformation are two such terms. They are often used interchangeably even though they mean different things and have very different connotations. Indeed, it is somewhat safe to assume that in IT any transformative effort is likely to also have a modernizing effect, and thus, we can see these as levels of improvement efforts. However, many businesses are being led to believe if they don’t transform now they risk becoming ...
SYS-CON Events announced today the Enterprise IoT Bootcamp, being held November 1-2, 2016, in conjunction with 19th Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA. Combined with real-world scenarios and use cases, the Enterprise IoT Bootcamp is not just based on presentations but with hands-on demos and detailed walkthroughs. We will introduce you to a variety of real world use cases prototyped using Arduino, Raspberry Pi, BeagleBone, Spark, and Intel Edison. Y...
What does it look like when you have access to cloud infrastructure and platform under the same roof? Let’s talk about the different layers of Technology as a Service: who cares, what runs where, and how does it all fit together. In his session at 18th Cloud Expo, Phil Jackson, Lead Technology Evangelist at SoftLayer, an IBM company, spoke about the picture being painted by IBM Cloud and how the tools being crafted can help fill the gaps in your IT infrastructure.
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
Aspose.Total for .NET is the most complete package of all file format APIs for .NET as offered by Aspose. It empowers developers to create, edit, render, print and convert between a wide range of popular document formats within any .NET, C#, ASP.NET and VB.NET applications. Aspose compiles all .NET APIs on a daily basis to ensure that it contains the most up to date versions of each of Aspose .NET APIs. If a new .NET API or a new version of existing APIs is released during the subscription peri...
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
As companies gain momentum, the need to maintain high quality products can outstrip their development team’s bandwidth for QA. Building out a large QA team (whether in-house or outsourced) can slow down development and significantly increases costs. This eBook takes QA profiles from 5 companies who successfully scaled up production without building a large QA team and includes: What to consider when choosing CI/CD tools How culture and communication can make or break implementation
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
The best-practices for building IoT applications with Go Code that attendees can use to build their own IoT applications. In his session at @ThingsExpo, Indraneel Mitra, Senior Solutions Architect & Technology Evangelist at Cognizant, provided valuable information and resources for both novice and experienced developers on how to get started with IoT and Golang in a day. He also provided information on how to use Intel Arduino Kit, Go Robotics API and AWS IoT stack to build an application tha...
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
It’s 2016: buildings are smart, connected and the IoT is fundamentally altering how control and operating systems work and speak to each other. Platforms across the enterprise are networked via inexpensive sensors to collect massive amounts of data for analytics, information management, and insights that can be used to continuously improve operations. In his session at @ThingsExpo, Brian Chemel, Co-Founder and CTO of Digital Lumens, will explore: The benefits sensor-networked systems bring to ...
Identity is in everything and customers are looking to their providers to ensure the security of their identities, transactions and data. With the increased reliance on cloud-based services, service providers must build security and trust into their offerings, adding value to customers and improving the user experience. Making identity, security and privacy easy for customers provides a unique advantage over the competition.