Vulnerability management remains a struggle for many companies and is still only an aspiration for many others. But with digital and cloud transformation rewriting the way many firms do business, the attack surface keeps expanding, and it becomes more difficult for organizations to protect their environments from growing threats.
As a result, continuous vulnerability scanning and regular patching programs are a must if your organization hopes to limit the likelihood of the potentially devastating impact a cybercriminal’s exploit could have on your business.
Yet, even with sound vulnerability management practices in play, many elements of vulnerability management continue to confound IT and security teams—especially as remote workforces grow, and companies look to the cloud for more answers.
To that end, a recent survey by the SANS Institute, a leading cybersecurity research and training firm, highlights the barriers that many firms still haven’t overcome when trying to address their organization’s vulnerabilities. While most are making strides in their programs, they aren’t showing a rate of improvement fast enough to get a true handle on their exposure.
Where Firms Fall Short When Gauging Their Program Against the SANS Maturity Model
In the new report, A SANS 2021 Survey: Vulnerability Management—Impacts on Cloud and the Remote Workforce, the number of surveyed companies with a formal vulnerability management program rose 12% (from 63% to 75%) in the past year, a rather significant jump.
Nonetheless, many of the same hindrances that hold back the success of their programs remain problematic.
For the most part, organizations with a vulnerability management program in place are able to identify weaknesses and vulnerabilities in their systems. The problem arises in addressing them. There are several areas where things break down for a variety of reasons.
Among the most common challenges in addressing vulnerabilities, according to the SANS survey report, are:
- Limited budgets and resources
- IT staffs are already stretched thin
- Disjointed reporting that creates confusion
- More an expectation than a requirement, so lacks commitment
- Security team accountable but not responsible for performing needed activities
In addition, the report details how surveyed organizations stacked up when responding to questions related to the SANS Vulnerability Management Maturity Model, which goes into depth in key areas such as how an individual program prepares, identifies, analyses, communicates, and treats activities related to vulnerability management.
What’s more, the report explores the survey respondents’ cloud and container architectures and their configurations to help determine their progress and overall maturity in cloud vulnerability management, including configurations for using “as-a-service” platforms.
Where Does Your Vulnerability Management Program Rate on the Scale?
Is your organization grappling with these same issues? If you’ve bumped up your remote workforce, chances are cloud vulnerabilities are adding to the already complex task of vulnerability management. With A SANS 2021 Survey: Vulnerability Management—Impacts on Cloud and the Remote Workforce, see how your program aligns with the SANS Maturity Model and learn about measures your team can take to improve your program.
Built on the industry’s only cloud-native platform to deliver security operations as a concierge service, Arctic Wolf® Managed Risk enables you to define and contextualize your attack surface coverage across your networks, endpoints, and cloud environments; provides you with the risk priorities in your environment; and advises you on your remediation actions to ensure that you benchmark against configuration best practices and continually harden your security posture.