TechTarget

Users take two months to patch internal IT

Companies are taking an average of two months to patch internal systems, according to research presented to the Black Hat Briefings security conference.

The Laws of Vulnerabilities assessment from IT security group Qualys found it takes firms on average 62 days to patch internal systems, and 21 days to patch internet-connected systems.

The study also found that 50% of the most prevalent and critical vulnerabilities are replaced by new vulnerabilities on an annual basis, and the lifespan of some worms is unlimited.

"In most cases, worms are circulating faster than systems being patched inside the network. Organisations have to be more aggressive about protecting their internal systems," said Gerhard Eschelbeck, CTO at Qualys.

The research looked at trends relating to four million critical vulnerabilities collected over two and a half years.

Phil Cracknell, security consultant at NetSecurity, said, "There has to be some delay in a patch being released and tested, but I expected it to be lower than 21 days. Companies have to get it down - five days is acceptable. They have to lose the hard-shell, squishy-centre mentality."
