The first part of the report investigates the evolving threat to the software portfolios typically found in organisations. Today, cybercriminals bypass traditional perimeter defences through the automated mass production of attack variants – thereby initiating an arms race with defenders.
Key findings in this part of the report include:
Security patches are found to be an effective means to escape the arms race, as they remediate the root cause of compromise.
Quantifying the dynamics of critical programs in software portfolios of up to 5,000 programs over the last few years identifies a growing gap of unmitigated risk when the patching strategy covers only Microsoft products.
Timely patching of the software portfolio of any organisation is like chasing a continually moving target.
A comparison of different patching strategies under the assumption of limited resources demonstrates that an intelligent patching strategy is an effective approach for reducing vulnerability risks.
An 80% reduction in risk can be achieved by either patching the 12 most critical or the 37 most prevalent programs in a sample portfolio.
For the majority of vulnerabilities there are patches available on the day of disclosure, which puts a different perspective on the threat of 0-days.
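The strategy comparison above (patching the most critical versus the most prevalent programs under a fixed budget) can be reproduced on a small constructed portfolio. This is an added illustration, not code or data from the Secunia report; the portfolio values, the 1-5 criticality scale and the risk model (prevalence multiplied by criticality) are assumptions.

```python
"""Compare patch-prioritisation strategies under a fixed patching budget."""
from typing import Callable, Dict, List, Tuple

# Constructed sample portfolio; values are hypothetical, not Secunia data.
# prevalence: percentage of endpoints on which the program is installed
# criticality: rating of the program's worst unpatched advisory (1 = low, 5 = extremely critical)
PORTFOLIO: List[Dict] = [
    {"name": "A", "prevalence": 95, "criticality": 2},
    {"name": "B", "prevalence": 90, "criticality": 5},
    {"name": "C", "prevalence": 80, "criticality": 1},
    {"name": "D", "prevalence": 60, "criticality": 5},
    {"name": "E", "prevalence": 40, "criticality": 4},
    {"name": "F", "prevalence": 30, "criticality": 3},
    {"name": "G", "prevalence": 20, "criticality": 5},
    {"name": "H", "prevalence": 10, "criticality": 4},
]


def risk(p: Dict) -> int:
    """Assumed exposure model: hosts exposed times severity of the worst open advisory."""
    return p["prevalence"] * p["criticality"]


# Sort keys per strategy, highest first; the second element breaks ties.
STRATEGIES: Dict[str, Callable[[Dict], Tuple]] = {
    "critical": lambda p: (p["criticality"], p["prevalence"]),
    "prevalent": lambda p: (p["prevalence"], p["criticality"]),
    "risk": lambda p: (risk(p),),
}


def patch_order(strategy: str) -> List[Dict]:
    """Programs in the order the given strategy would patch them."""
    return sorted(PORTFOLIO, key=STRATEGIES[strategy], reverse=True)


def coverage(strategy: str, budget: int) -> float:
    """Fraction of total portfolio risk removed by patching the first `budget` programs."""
    total = sum(risk(p) for p in PORTFOLIO)
    return sum(risk(p) for p in patch_order(strategy)[:budget]) / total


def programs_needed(strategy: str, target: float = 0.8) -> int:
    """Smallest number of programs to patch to remove at least `target` of the risk."""
    for k in range(1, len(PORTFOLIO) + 1):
        if coverage(strategy, k) >= target:
            return k
    return len(PORTFOLIO)


if __name__ == "__main__":
    for name in STRATEGIES:
        print(f"{name:>9}: patch {programs_needed(name)} programs for >=80% risk reduction")
```

On this constructed portfolio the criticality-first order needs six programs to reach 80%, while the prevalence-first and combined-risk orders need five, which is the kind of trade-off the report's 12-versus-37 figure describes.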
The second section of the report presents global vulnerability data from the last five years and documents trends on a year-to-year basis as of June 2011. Comparing the data from the last two 12-month periods as of June 2011, together with the extrapolated trend for 2011, indicates a slow decrease in the global number of vulnerabilities.
Key findings in this part of the report include:
Despite a slight overall decrease in the total number of vulnerabilities we have seen a significant increase from 24% to 30% for the "System Access" impact class, which is considered the most critical impact class.
There has been an increase in the number of advisories for which a patch was available on the day of disclosure. The patch "availability rate" has increased from 47% to 55% when comparing the last 12 months with the previous 12 months. This indicates that more researchers are coordinating the disclosure.
There is currently no patch available for 26% of all advisories released during the past 24 months.
“Reducing cyber-risks with limited resources involves knowing the potential targets, knowing the weaknesses of traditional defences, and knowing where to complement these defences. Secunia’s research demonstrates that knowing what to patch certainly pays off,” says Thomas Kristensen, Chief Security Officer, Secunia.
Download the Secunia Half Year Report 2011, here:
ENDS
About Secunia
Secunia is the leading provider of IT security solutions that help businesses and private individuals globally manage and control vulnerability threats and risks across their networks and endpoints. This is enabled by Secunia's award-winning Vulnerability Intelligence, Vulnerability Assessment, and Patch Management solutions that ensure optimal and cost-effective protection of critical information assets. Secunia’s proven, complementary portfolio, renowned for its reliability, usability, and comprehensiveness, aids businesses in their handling of complex IT security risks and compliance requirements across industries and sectors – a key component in corporate risk management assessment, strategy, and implementation.
As a global player within IT security and Vulnerability Management, Secunia is recognised for its market-driven product development; having revolutionised the industry with verified and actionable Vulnerability Intelligence, simplified Patch Management, and automatic updating of both Microsoft and third party programs.
Secunia plays an important role in the IT security ecosystem, and is the preferred supplier for enterprises and government agencies worldwide, counting Fortune 500 and Global 2000 businesses among its customer base. Secunia has operations in North America, the UK, and the Middle East, and is headquartered in Copenhagen, Denmark.
For more information, please visit secunia.com