Organisations are struggling to be compliant with current and emerging government standards, according to Tenable Network Security Asia-Pacific principal architect, Dick Bussiere.
“If you do an annual assessment, by the time you go back a year later, the machines you fixed will likely have vulnerabilities again,” he said.
“The vulnerabilities will be different, the machines will still be vulnerable.”
However, if a company performs this process as a continuous function, Bussiere said, it will not encounter this problem.
“If you are employing our security centre technology, by the time the auditor knocks on the door, you are already compliant because you have been keeping up with it,” he said.
Threats on the rise
In 2000, Bussiere said, it was vulnerabilities that “kept customers up at night,” as well as “things on the network that are potentially damaging” to the overall infrastructure.
Fast forward to 2011, when the National Institute of Standards and Technology (NIST) found that about 5,800 vulnerabilities were disclosed.
“That averages out to 77 vulnerabilities on a weekly basis being disclosed publicly,” Bussiere said.
Bussiere admits that attempting to keep up with that and eliminating these vulnerabilities is not easy, particularly if an organisation does not have anything to assist with it.
“When a vulnerability is initially disclosed, that is the time it is most virulent and attackers will exploit it before it gets patched,” he said.
“This underscores the criticality of having a rapid vulnerability detection and mitigation process.”
Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.