Why Automating Vulnerability Management Pays

Tuesday, July 13th, 2010

Organizations that automate vulnerability management to find and fix vulnerabilities and unknown exploits in IT systems gain significant advantages, according to the latest IT PCG research report. Entitled “Why Automating Vulnerability Management Pays,” the report details how regular vulnerability management procedures can:

  • Reduce unexpected business downtime from IT disruptions
  • Reduce the likelihood of data loss or theft
  • Contribute to reductions in security and audit deficiencies in IT
  • Deliver an ROI that could easily exceed 150 percent annually

Overcoming the impact of vulnerabilities

According to the research report, about half of all vulnerabilities are being found in three specific areas in IT:

  1. Websites, web systems and web browsers
  2. Email systems and applications
  3. PCs, laptops and mobile devices

The other half of vulnerabilities are being found in other IT systems, including network equipment and software; IT systems, servers and operating systems; database systems and software; office productivity applications and files; and data storage systems and software.

Automation of the procedures to find and fix vulnerabilities is one of the most critical factors responsible for fewer IT systems being compromised by vulnerabilities, better IT service levels and less business downtime, better protection of sensitive information and fewer losses or thefts of such information, and fewer audit deficiencies that must be corrected in IT.

Using internally operated software to scan for vulnerabilities and conduct penetration tests against unknown exploits, the organizations with the best track records are automating 85 percent of the procedures to find vulnerabilities and 51 percent of the procedures to fix vulnerabilities. All the organizations with higher levels of data loss or theft, higher levels of business downtime and more problems with audit are automating fewer procedures to find and fix vulnerabilities.

Instead of probing for vulnerabilities on just Internet-facing systems, the organizations experiencing the least business downtime and the lowest theft or loss of sensitive information are targeting most production systems weekly and bi-weekly to monthly. The frequent probing and testing explain why more than twice as many vulnerabilities are being found and less than half as many IT systems are being compromised among these organizations.

Although the financial impact from business downtime, data theft or loss, and audit expense varies, the benchmark results make it clear: minimum returns of 150 percent are easily going to be exceeded for most organizations. Thus, automating the procedures to find and fix vulnerabilities pays—and pays well.

Learn more by downloading the full report