Major pitfalls involving vulnerability scanners
While 92 percent of companies have a vulnerability management program in place, nearly half consider their networks to range from “somewhat” to “extremely” vulnerable to security threats, according to Skybox Security.
Even more surprisingly, 49 percent of companies surveyed have experienced a cyber attack leading to a service outage, unauthorized access to information, data breach, or damage over the past six months.
The survey illustrated a major disconnect between the frequency and breadth of vulnerability scanning actually conducted and the amount respondents felt was needed. Forty percent of companies scan their internal networks once per month or less frequently, and even critical DMZ zones are typically scanned once per week or less often.
Coverage, the percentage of hosts scanned per cycle, was also an issue: 27 percent of large organizations reported scanning less than half of their DMZ hosts per cycle, and 60 percent of mid-size companies scan less than half of their DMZ hosts. Consistent with this, 49 percent of respondents said their organizations did not conduct vulnerability scanning as often or as in depth as they would like.
Respondents gave a number of reasons for the low scanning frequency and coverage. Fifty-seven percent reported that traditional active scanning often disrupts network services and vital business applications, 33 percent reported that parts of the network are not scannable, and 29 percent reported difficulty obtaining the system credentials required to run credentialed scans.
Key survey takeaways:
- More than 90 percent of firms have a vulnerability management program and consider vulnerability management a priority.
- 49 percent of companies have experienced a cyber attack leading to a service outage, unauthorized access to information, data breach, or damage over the past six months.
- 40 percent of companies scan their DMZ monthly or less frequently.
- Internal networks and data centers get the top priority in terms of scanning frequency with 35 percent of organizations scanning these zones on a daily basis.
- Large organizations (more than 1,500 employees) tend to scan more frequently and with greater coverage of hosts compared to mid-size organizations (250-1,499 employees).
- 73 percent of large organizations (more than 1,500 employees) scan at least 50 percent of hosts in their DMZ, while only 39 percent of mid-size organizations (250-1,499 employees) scan at least 50 percent of hosts in their DMZ.
- Both large and mid-size organizations cite “concerns about disruptions caused by active scanning” and “don’t have the resources to analyze more frequent scan data” as the top reasons for scanning less often than desired.
- Large organizations cite lack of patching resources and non-scannable hosts as a significantly greater issue than mid-size organizations.