A new survey found that organizations that implemented continuous monitoring (CM) are more than twice as likely to be satisfied with their vulnerability management (VM) approach compared to those that use periodic scanning.
Additionally, Forrester asked the 45 percent of respondents who had adopted CM to explain the benefits. They said that continuous monitoring:
- Benefits all stages of vulnerability management
- Benefits all verticals
- Better equips organizations to deal with a mobile workforce
- Benefits those with a risk-focused VM program the most
- Satisfies the CISO more than any other role.
The study found that:
- Nearly 74 percent of the surveyed respondents experienced challenges with their overall VM program
- 79 percent claimed they were more likely to miss critical vulnerabilities due to insufficient data to narrow down appropriate endpoints for scanning
- 70 percent scan monthly or less.
Maintaining a consistent and effective vulnerability management workflow emerged as a major concern, with 77 percent of respondents having concerns about accurate asset discovery. The explosion of transient endpoints compounds the difficulties of discovering all of an organization’s assets and greatly increases the likelihood of an effective breach if unknown assets are not identified and assessed properly.
Furthermore, 66 percent stated they were not confident in conducting proper vulnerability remediation. Once scans returned the data, they did not feel they had a clear picture of the risks in order to accurately prioritize and take action.
“Periodic vulnerability scans have failed the modern-day CISO,” said Gula. “Breaches are still occurring at an alarming rate, and the threat landscape is ever-evolving. The goal for any CISO is to remain ahead of the threat curve, and the only way to do this is through adopting a continuous monitoring platform. This enables users to rapidly deploy patches to shut down these threats in hours, not months, so that dangerous windows of opportunity get shut before business-critical data is compromised.”
http://www.net-security.org/secworld.php?id=16373