
New white paper: Securing a moving target

12:15 CET, 29th June 2011 By Stefan Frei.

I am pleased to share with you our new white paper focusing on the interrelation between IT security, risk management, and compliance: ‘How to secure a moving target with limited resources - Effectively mitigating business risks while the evolution of threats blindfolds traditional defences.’

How can an organisation balance the need to patch systems with the risks it faces and the need for stability? Our research concludes the following:

  • Firstly, compliance does not imply security. Secondly, traditional defences have many limitations and can be bypassed.
  • Patching is a primary security measure as it eliminates the root cause of compromise.
  • It's all about quality, not quantity. A comparison of two patching strategies shows that knowing what to patch pays off.
  • However, identifying critical programs to achieve risk reduction is like chasing a moving target.
  • The risk of a failed patch then needs to be weighed against the cost of extensive testing.
  • Research reveals that an 80% reduction in risk can be achieved by identifying and patching either the 12 most risky programs or the 37 most prevalent programs.
  • Organisations cannot be complacent though, because what works today may not work tomorrow. Therefore a dynamic and tactical approach is needed.
  • 0-days are potentially paralysing external forces that are difficult to control. However, it's not all doom and gloom. Organisations hold the power to patch 65% of vulnerabilities on the day of disclosure firmly in their hands.
  • Can they afford to ignore the opportunity to significantly alter their threat landscape?

Overall, this white paper shows that organisations can do more with less. An intelligent patching strategy is an effective approach for reducing vulnerability risks, as well as for maximising operational efficiency with minimal costs.

You can download the white paper here.

I hope you enjoy reading it.

Stay Secure,

Stefan Frei, Research Analyst Director
