Washington, D.C. – (The Hosting News) – November 16, 2005 – Recently released research on network vulnerabilities shows that although patching practices improved significantly over the last year, two out of three systems, or nearly 70 percent, are still vulnerable and in jeopardy of potential exploit or attack.
Gerhard Eschelbeck, CTO and VP Engineering of Qualys, Inc., a provider of on-demand vulnerability management and policy compliance solutions, today unveiled the 2005 findings of the “Laws of Vulnerabilities” research, which shows new trends in network vulnerabilities.
For more than three years, Eschelbeck analyzed statistical vulnerability data to create the “Laws of Vulnerabilities,” which identifies network security trends and allows organizations to recognize evolving threats and compare their remediation efforts with the rest of the industry. This year, the “Laws of Vulnerabilities” was drawn from a statistical analysis of nearly 21 million critical vulnerabilities, collected from 32 million live network scans, the largest real-world data set of network vulnerabilities to date.
The data shows that organizations have improved patching processes on internal systems by 23 percent and on external systems by 10 percent. However, the time-to-exploit cycle from automated attacks continues to shrink dramatically. Today, 85 percent of damage from automated attacks occurs within the first fifteen days from the outbreak.
The research also shows that the threat to wireless systems today is statistically very small. Only one in nearly 20,000 critical vulnerabilities is caused by a wireless device. However, there has been a significant shift from server-side to client-side vulnerabilities. More than 60 percent of new critical vulnerabilities occur in client applications. Client-side vulnerabilities require a user to take action, such as visiting a malicious website or opening an infected email attachment.
Gerhard Eschelbeck, CTO and VP of Engineering for Qualys, commented on the research findings: “2005 has been the year of improvements for patching and updating vulnerable systems. This is heavily driven by the fact that vendors like Microsoft and others are now issuing regular advisories with patch updates, which ends up speeding the prioritization and remediation efforts within organizations.”
The full findings from the research can be found at http://www.qualys.com/laws.