Zero-day vulnerabilities are the top security concern

Zero-day vulnerabilities are the top security concern for the majority (54 percent) of IT professionals, according to the results of an annual customer survey conducted by Scottsdale, Arizone-basedPatchLink Corporation. The survey, completed by more than 250 CIOs, CSOs, IT managers, and network administrators across Europe, Asia Pacific, and the United States , revealed that hackers are the second biggest security concern (35 percent), followed closely by malware/spyware (34 percent). According to survey results, faster remediation and more comprehensive risk assessment and prioritization help organizations address these concerns. IT managers reacted far quicker to emergency patches this year as compared to last, as 29 percent of organizations deployed critical updates within two hours during 2007 compared to just 14 percent in 2006. Seventy (70) percent of IT managers completed fire-drill remediations within eight hours in 2007 compared to just 39 percent during the previous year. In addition, many respondents (60 percent) supplemented their vulnerability management process to include both agent- and network-based vulnerability scanning. As a result, a vast majority (99 percent) of respondents say their organizations are as secure or more secure today than they were in 2006.

Despite improved vulnerability management, the survey reveals that the inability to effectively control user behavior and the shrinking time from vulnerability to exploit are the most significant challenges to combating zero-day threats. As a result, IT managers are trying to gain control through an increasing number of security products and time spent monitoring and setting policies. Fifty (50) percent of respondents said they have more than 10 agents currently installed to perform security or operations tasks. Most respondents (66 percent) said they spend an hour or longer every day monitoring security and IT consoles, administrating agents and updating security policies.