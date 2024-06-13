New research shows that nearly 30 percent of enterprise IT assets are missing at least one critical security control, such as endpoint security or patch management.

The study from Sevco Security also shows more than six percent of all IT assets have reached the end-of-life stage, creating instances of known-but-unpatched vulnerabilities.

The research used data aggregated from visibility into 1.2 million assets and shows that 28 percent of all IT assets are missing at least one critical control -- either endpoint protection or patch management. Looked at in detail 22 percent of IT assets aren't covered by enterprise patch management solutions, while 10 percent of all IT assets are missing endpoint protection. 23 percent of IT assets are not covered by enterprise vulnerability management systems either.

"These environmental vulnerabilities -- vulnerabilities in the configuration or state of your IT environment, be they missing controls, unknown assets (shadow IT), or system software that is out of date and end-of-life -- are hiding in plain sight throughout enterprise environments, creating a landscape of threats that security teams can't see, but are still accountable for," says J.J. Guy, CEO and co-founder of Sevco Security. "They may not drive headlines the way that high-profile CVEs like Log4Shell or Spring4Shell have, but the threat they introduce to enterprise environments is just as dire."

Image credit: one photo/Shutterstock