Virtualization Technology News and Information
RSA and Infosec Surveys Reveal IT Departments Struggle with Vulnerability Management

A new survey of IT professionals revealed that new regulatory compliance requirements -- for implementing satisfactory technology solutions to address security vulnerabilities, data leakage and compliance -- remain difficult for enterprise organizations to effectively achieve.

Shavlik Technologies, the market leader in delivering software solutions that rapidly accelerate and continuously improve security and compliance readiness, today announced results of its comprehensive survey of IT and security specialists conducted at both the RSA Conference 2008 and Infosecurity Europe 2008 events last month. The survey of 491 combined conference delegates from Europe and the U.S. identified their top security priorities and what solutions they may have implemented to manage the vulnerabilities that threaten their organizations.

According to the survey results, the top three priorities were: Data Protection / Leakage Prevention – 53.2 percent; Internal Network Security – 51.8 percent; and Policy and Regulatory Concerns – 43.8 percent. Other significant priorities were patch management – 38.6 percent and the security of virtualized machines – 32.6 percent.

Delegates were also asked about the solutions implemented for audit preparation and patch management and whether they were satisfied with them. For audit preparation, only 60.8 percent indicated that they were satisfied or highly satisfied which suggests that there are a significant proportion of organizations unhappy with their current solutions. Respondents were equally unhappy with patch management solutions with 40 percent reporting they were unsatisfied with their current technology solution.

“Despite efforts to apply various technologies companies continue to struggle with efforts to manage and close vulnerability gaps, while concerns over regulatory compliance are driving them to look for more ways to simplify through automation,” said Mark Shavlik, CEO, Shavlik Technologies. “Generally, organizations struggle to manage their security and compliance needs which leaves them open to attack or the discovery of a weak link by an auditor. We’re working with customers to resolve these issues to their satisfaction.”

Three quarters of respondents, 75.7 percent, confirmed they were either concerned or highly concerned over compliance with specific mandates such as PCI DSS, ISO 27002, or Sarbanes Oxley. They identified a broad range of solutions to manage the audit process—a total of 123, ranging from “home grown” to “a lot of systems” from various vendors. Many respondents indicated they continued with manual processes for elements of their patch management process, even though more than 115 different solutions for patch management were identified in the surveys.

“Companies are increasingly recognizing the need to automate operations in order to streamline compliance as an ongoing business process. But too many organizations still don’t have a standard approach, which leaves gaps in their security infrastructure,” added Shavlik. “At Shavlik we feel it’s critical to educate customers on the importance of mature, best-of-breed solutions that simplify, automate, and provide better control over security and compliance management.”

Published Tuesday, May 13, 2008 5:48 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<May 2008>