informa
4 MIN READ
Products & Releases

Skybox Security Survey Reveals Traditional Vulnerability Scanners Not Working

Survey illustrated a major disconnect between the frequency and the breadth of vulnerability scanning actually conducted
San Jose, Calif., July 11, 2012 – Skybox Security, the leader in proactive security risk management solutions, today announced the results of its survey that reveal several major pitfalls involving traditional vulnerability scanners. The Skybox Security Vulnerability Management Survey 2012, conducted in conjunction with Osterman Research, polled more than 100 IT decision makers including security managers, and network and systems engineers involved in vulnerability management processes. The companies surveyed ranged in size from 250 to 350,000 employees, with median size of 2,900 employees. Vulnerability scanners are the main tools used over the last 15 years to detect vulnerabilities by actively probing network hosts for many thousands of attack patterns.

The survey reveals that while 92 percent of companies have a vulnerability management program in place, nearly half consider their networks to range from “somewhat” to “extremely” vulnerable to security threats. Even more surprisingly, 49 percent of companies surveyed have experienced a cyber attack leading to a service outage, unauthorized access to information, data breach, or damage over the past six months.

The survey illustrated a major disconnect between the frequency and the breadth of vulnerability scanning actually conducted and the amount that the respondents felt was needed. Forty percent of companies scan their internal networks once per month or less frequently, and even the critical DMZ zones are typically scanned once per week or less often. The coverage, or percent of hosts scanned, was also an issue: 27 percent of large organizations reported scanning less than half of hosts in the DMZ per cycle, while 60 percent of medium sized companies scan less than half of the DMZ hosts. Yet, 49 percent of respondents said their organizations did not conduct vulnerability scanning as often or as in depth as they would like.

There were a number of reasons given for the poor scanning frequency and coverage. Fifty-seven percent of respondents reported that traditional active scanning often disrupts network services and vital business applications, 33 percent reported that parts of the network are not scannable, and 29 percent reported that they have difficulties gaining the system credentials required in order to conduct scans.

“Evidently, active vulnerability scanning can cause huge management headaches due to its disruptive nature and information overload, so scanners tend to be used primarily for ‘spot checks’ that aren’t effective at minimizing risks,” said Gidi Cohen, CEO at Skybox Security. “Critical vulnerabilities have to be identified, prioritized, and remediated daily, across a significant portion of the infrastructure, in order to systematically shrink the risk window and prevent data breaches and attacks.”

Key survey takeaways:

• More than 90 percent of firms have a vulnerability management program and consider vulnerability management a priority

• 49 percent of companies have experienced a cyber attack leading to a service outage, unauthorized access to information, data breach, or damage over the past six months

• 40 percent of companies scan their DMZ monthly or less frequently

• Internal networks and data centers get the top priority in terms of scanning frequency with 35 percent of organizations scanning these zones on a daily basis

• Large organizations (more than 1,500 employees) tend to scan more frequently and with greater coverage of hosts compared to mid-size organizations (250-1,499 employees)

• 73 percent of large organizations (more than 1,500 employees) scan at least 50 percent of hosts in their DMZ, while only 39 percent of mid-size organizations (250-1,499 employees) scan at least 50 percent of hosts in their DMZ

• Both large and mid-size organizations cite “concerns about disruptions caused by active scanning” and “don’t have the resources to analyze more frequent scan data” as the top reasons for scanning less often than desired.

• Large organizations cite lack of patching resources and non-scannable hosts as a significantly greater issue than mid-size organizations.

The full survey findings are available for download at: http://lp.skyboxsecurity.com/VMSurvey.html

About Skybox Security, Inc.

Skybox Security, Inc. is the leader in proactive security risk management solutions, providing automated, non-intrusive tools that detect, prioritize, and drive remediation of critical risks such as exposed vulnerabilities and firewall configuration errors. Skybox solutions prevent potential cyber attacks and data breaches by providing IT decision makers with continuous network visibility and sophisticated security analytics. Organizations in Financial Services, Government, Energy, Defense, Retail, and Telecommunications rely on Skybox Security solutions daily to reduce risk exposure, implement secure change management processes, and achieve continuous compliance. For more information visit www.skyboxsecurity.com.

Editors' Choice
Robert Lemos, Contributing Writer, Dark Reading
Shikha Kothari, Senior Security Adviser, Eden Data