[ISN] Patch management flubs facilitate cybercrime

http://www.networkworld.com/news/2014/032714-solutionary-280149.html By Ellen Messmer Network World March 27, 2014 Failures in patch management of vulnerable systems have been a key enabler of cybercrime, according to the conclusions reached in Solutionary’s annual Global Threat Intelligence Report out today, saying it sees botnet attacks as the biggest single threat. The managed security services provider, now part of NTT, compiled a year’s worth of scans of customers’ networks gathered through 139,000 network devices, such as intrusion-detections systems, firewall and routers, and analyzed about 300 million events, along with 3 trillion collected logs associated with attacks. Solutionary says it relies on several types of vendor products for these scans, including Qualys, Nessus, Saint, Rapid7, nCircle and Retina. Solutionary also looked at the latest exploit kits used by hackers, which include exploits from as far back as 2006. Solutionary found that half of the vulnerability scans it did on NTT customers last year were first identified and assigned CVE numbers between 2004 and 2011. “That is, half of the exploitable vulnerabilities we identified have been publicly known for at least two years, yet they remain open for an attacker to find and exploit,” Solutionary said in its Global Threat Intelligence Report. “The data indicates many organizations today are unaware, lack the capability, or don’t perceive the importance of addressing these vulnerabilities in a timely manner.” […]