70 percent of organizations use a vulnerability assessment tool
A new study from Netwrix reveals that 70 percent of organizations use a vulnerability assessment tool, but not always for the reasons you might think.
Rather than to ensure compliance, 70 percent say the primary reason for purchasing the tool is the need for proactive security measures. In addition 76 percent of those who don't yet own a vulnerability assessment tool and plan to acquire one in the near future for the same reason.
"The survey shows that continuous scanning for known vulnerabilities is a popular approach for proactively securing an IT environment," says Joe Dibley, security researcher at Netwrix. "Technology teams implement these tools to proactively identify, prioritize and manage risks to the business. Only eight percent of respondents who don’t own a solution say they do not require one. This shows that vulnerability management is widely considered a must-have."
In the last few years companies have become more security-focused, with widely-covered incidents like Colonial Pipeline and Solar Winds making the consequences of breaches more apparent to everyone, not just the IT department. As a result, CISOs and CIOs have been able to secure approval for increases in their cybersecurity budgets.
But while budget is the key consideration for 58 percent of respondents, 52 percent say they would consider changing to a new solution if it would reduce the volume of false positive alerts.
"Every false positive finding takes time away from a security-focused team member. Many technology teams are already overloaded far beyond 100 percent, so lots of false positive notifications can lead to alert fatigue and burnout," adds Dibley. "In addition, 38 percent of respondents said they would consider changing tools to gain greater breadth of infrastructure coverage, which shows that organizations are gaining a greater understanding that they need to protect not only their servers but also their switches, storage and other infrastructure-related items."
The full report is available from the Netwrix site.