The Need for Speed in Vulnerability Detection and Patch Deployment

“I feel the need, the need for speed,” is a famous line from the movie Top Gun. Back then it referred to fast airplanes, but it could equally apply to vulnerability management. The pace at which IT departments detect breaches, deploy patches, and carry out vitally needed remediation leaves a lot to be desired. Cyber-attackers could be likened to a Top Gun F-14 jet compared to IT’s vulnerability management horse and cart.

With so many reports of breaches, cyber-attacks, and successful ransomware attempts, it would be reasonable to assume that organizations would have scrambled to shore up their defenses – that they would be diligently improving the efficiency of their processes for detecting potential vulnerabilities and initiating remediation. Yet the opposite appears to be true. Enterprises are failing badly to keep up with cyber-attackers.

That conclusion comes from a Ponemon Institute study into the state of vulnerability response in the enterprise. Key findings included the fact that the severity and volume of cyberattacks are increasing, yet most organizations are not doing a thorough or timely job of detection and prevention.

Here are some of the key findings:  

  • 39% said their organizations were aware that actual breaches were linked to known vulnerabilities.  
  • 50% didn’t believe their detection capabilities were fast enough.  
  • 56% didn’t give a good rating to their ability to patch in a timely manner.  
  • Most organizations lack awareness of vulnerabilities that could lead to a data breach.  
  • On average, it takes 43 days to see a cyberattack once a patch is released for a critical or high priority vulnerability.  
  • Organizational patching processes are under greater pressure because they have less time to patch vulnerabilities before being attacked.  
  • Silo and turf issues were cited as reasons for delays in patching. 88% said their team was not fully responsible for patching vulnerabilities and must coordinate with other teams. This adds 12 days to existing patching processes.  
  • CVSS scoring is often the only metric used to prioritize patches, leaving asset and system criticality out of vulnerability response.  
  • The reasons given for delayed patching included lack of resources, no common view of applications and assets, and the inability to take critical applications and systems offline so they can be patched quickly.  
  • Respondents believed attackers are outpacing their organizations with such technologies as machine learning/artificial intelligence.  
  • Too much time is spent navigating manual processes rather than responding to vulnerabilities.  

The Importance of Automation  

The study stressed the importance of automation as a means of improving patch management and vulnerability detection. Organizations that use automation noted that it helped them become better at patching.  

However, only 44% of organizations are using automation to assist with vulnerability management and patching, and those that do apply it mostly to prioritization and patch deployment. Yet there are many other ways automation could be used to enhance cybersecurity.  

Ponemon Institute findings were unequivocal. Patching prevents data breaches. Yet half of respondents had suffered one or more data breaches over a two-year period. 60% agreed that these breaches would not have occurred if an available patch had been applied. The vulnerability was known and a patch had been issued – yet it had not been implemented.  

Automation would certainly help speed patch deployment. It takes organizations six weeks or more on average to patch a high priority vulnerability after a patch has been released. For medium or low priority vulnerabilities, the average stretches to 151 days. The time taken to patch critical security flaws is bad enough, but five months for medium priority vulnerabilities is asking for trouble. Cybercriminals have even developed tactics whereby they launch multi-faceted attacks that target high-, medium-, and low-severity vulnerabilities at the same time. They know that many organizations pay the most attention to vulnerabilities with a higher rating, so they probe lower priority vulnerabilities simultaneously as they look for a way into the enterprise.
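The prioritization problem the findings describe (CVSS used as the only metric, asset criticality ignored, and attacks observed about 43 days after a patch ships) can be sketched as a scoring rule that blends all three. This is an added example, not Syxsense product logic or anything from the Ponemon study; the weights, the 1-to-5 criticality scale, the hostnames, the dates and the CVE-style identifiers are all constructed.

```python
from dataclasses import dataclass
from datetime import date

# From the study: attacks are observed ~43 days after a critical/high patch is released.
EXPLOIT_WINDOW_DAYS = 43


@dataclass
class Finding:
    host: str
    cve: str                 # constructed placeholder identifiers, not real CVEs
    cvss: float
    asset_criticality: int   # assumed scale: 1 (lab box) .. 5 (revenue-critical)
    internet_facing: bool
    patch_released: date


def risk_score(f: Finding, today: date) -> float:
    """CVSS weighted by asset criticality, exposure, and patch age (not CVSS alone)."""
    age_days = (today - f.patch_released).days
    # Urgency grows as the patch ages toward the 43-day window; capped at 2x the window.
    time_factor = 1.0 + min(age_days, 2 * EXPLOIT_WINDOW_DAYS) / EXPLOIT_WINDOW_DAYS
    exposure = 1.5 if f.internet_facing else 1.0   # assumed weight for reachable assets
    return f.cvss * f.asset_criticality * exposure * time_factor


def prioritize(findings, today: date):
    """Return findings ordered by descending risk score, highest first."""
    return sorted(findings, key=lambda f: risk_score(f, today), reverse=True)


def overdue(findings, today: date):
    """Findings whose patch has been available longer than the exploitation window."""
    return [f for f in findings if (today - f.patch_released).days > EXPLOIT_WINDOW_DAYS]


# Constructed sample inventory: a CVSS-only queue would patch dev-lab-01 first.
TODAY = date(2024, 6, 1)
SAMPLE = [
    Finding("dev-lab-01", "CVE-0000-00001", 9.8, 1, False, date(2024, 5, 25)),
    Finding("web-pay-01", "CVE-0000-00002", 5.3, 5, True, date(2024, 4, 1)),
    Finding("erp-db-02", "CVE-0000-00003", 7.5, 4, False, date(2024, 3, 1)),
    Finding("hr-portal", "CVE-0000-00004", 4.0, 3, True, date(2024, 5, 20)),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE, TODAY):
        print(f"{f.host:12} cvss={f.cvss:4} score={risk_score(f, TODAY):6.1f}")
    print("past the 43-day window:", [f.host for f in overdue(SAMPLE, TODAY)])
```

With these weights the medium-severity flaw on the internet-facing payment host outranks the 9.8 on the isolated lab machine, which is the behaviour the survey respondents said their CVSS-only processes lack.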

Syxsense provides fully automated vulnerability detection and patch management technology. Our detection logic scans your network and identifies devices with missing updates. It gives organizations the ability to shorten the time between identification and containment, spot critical threats early, and deploy remediation actions immediately.

For more information visit