Cyber security professionals don't trust data from their tools
A majority of cyber security professionals don’t trust the data that they get from their tools according to a new report from risk analysis company Bay Dynamics.
The survey, carried out by research firm Enterprise Management Associates, of more than 400 security professionals in organizations with more than 5,000 employees reveals that 52 percent of threat alerts are improperly prioritized by systems and must be manually re-prioritized.
Other findings include that enterprises with more than 20,000 employees manage a staggering number of problems, with more than 1.3 million vulnerabilities every 30 days. No wonder that 74 percent of respondents say they are overwhelmed by the volume of vulnerability maintenance work.
This is reflected in the fact that 64 percent of threat alerts are not addressed each day. Also 79 percent of respondents say their patching approval process is significantly manual, yet when asked to rate the level of maturity of their vulnerability management programs, 87 percent say they have a 'very mature to moderately mature' patching process.
"Security professionals are overwhelmed by endless threats and vulnerabilities and are unable to decipher which ones could cause the most harm," says Ryan Stolte, co-founder and CTO at Bay Dynamics. "They lack confidence in their security tools' prioritization capabilities, and thus end up manually stitching together the information needed to re-prioritize the most critical vulnerabilities and imminent threats. To relieve the pain, security teams need a system of record that automatically prioritizes threats and vulnerabilities based on financial impact to the organization, delivers that information to the individuals responsible for action, and provides updates of their mitigation status."
You can find out more in the full report which is available on the Bay Dynamics website.