Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

IT Professionals Consider Zero-Day Vulnerabilities To Be The Most Critical Security Concern Facing Organisations Today

  • 01 August, 2007 09:52

<p>PatchLink Customer Survey Reveals that Controlling User Behavior and the Shrinking Window from Vulnerability to Exploit are the Key Challenges to Effective Vulnerability Management</p>
<p>Zero-day vulnerabilities are the top security concern for the majority (54 percent) of IT professionals, according to the results of an annual customer survey conducted by PatchLink Corporation, a global leader in security and vulnerability management. The survey, completed by more than 250 CIOs, CSOs, IT managers and network administrators across Europe, Asia Pacific and the U.S., revealed that hackers are the second biggest security concern (35 percent) followed closely by malware/spyware (34 percent).</p>
<p>“The prospect of zero-day attacks is extremely troubling for organisations of all sizes. Today’s financially motivated attackers are creating customised, sophisticated malware designed to exploit unpublished application vulnerabilities in specific applications before they can be fixed,” said Charles Kolodgy, research director at IDC. “The problem is compounded by the ever-present human element. User behavior is difficult to control, and many hackers rely on users’ lapses in judgment to carry out their malicious activity. They also prey on the fact that many IT departments are spread thin and simply do not have the resources necessary to proactively defend against zero-day threats.”</p>
<p><b>Improved Processes and Confidence</b></p>
<p>According to survey results, faster remediation and more comprehensive risk assessment and prioritisation help organisations proactively address these concerns. IT managers reacted far more quickly to emergency patches this year than last: 29 percent of organisations deployed critical updates within two hours during 2007, compared to just 14 percent in 2006. Seventy percent of IT managers completed fire-drill remediations within eight hours in 2007, compared to just 39 percent during the previous year. In addition, many respondents (60 percent) supplemented their vulnerability management process to include both agent- and network-based vulnerability scanning. As a result, a vast majority (99 percent) of respondents say their organisations are as secure or more secure today than they were in 2006.</p>
<p>“In 2003 and then again in 2004, we were hit with devastating worms that exploited vulnerabilities in different applications before we could release the patches from our home-grown deployment process,” said Jim Czyzewski, senior information systems specialist responsible for desktop patch management at MidMichigan Medical Center in Midland, Mich. “Now we’re facing less-visible threats such as botnets and rootkits that are typically propagated through zero-day exploits. Effective vulnerability management is critical and serves as the first line of defense against these new stealthier attacks.”</p>
<p><b>No Silver Bullet</b></p>
<p>Despite improved vulnerability management, the survey reveals that the inability to effectively control user behavior and the shrinking time from vulnerability to exploit are the most significant challenges to combating zero-day threats. As a result, IT managers are trying to gain control through an increasing number of security products and more time spent monitoring and setting policies. Fifty percent of respondents said they have more than 10 agents currently installed to perform security and/or operations tasks. Most respondents (66 percent) said they spend an hour or longer every day monitoring security and IT consoles, administering agents and updating security policies.</p>
<p>“While the overall survey results demonstrate the effectiveness of a sound vulnerability management solution—especially in the most critical situations—they also reveal a glaring need for continuous protection and a more consolidated security approach,” said Patrick Clawson, chairman and CEO of PatchLink. “By acquiring Harris STAT and SecureWave products, we are taking a significant step towards delivering a single platform for unified protection and control of all critical IT assets and data. This approach will reduce the number of agents that our customers have to manage, and enables them to remain completely protected from all malicious exploits – both known and unknown.”</p>
<p><b>Note To Editor</b></p>
<p>Should you wish to set up an interview with Chris Wood, Director, PatchLink ANZ, please contact Sarah on 02 9212 3848 or</p>
<p><b>About PatchLink® Corporation </b></p>
<p>PatchLink, a global leader in vulnerability management solutions, provides the industry’s first comprehensive security platform for unified protection and control of all enterprise servers and endpoints. More than 5,000 organisations around the globe use PatchLink’s positive security model solutions to integrate management and administration, consolidate infrastructure, enforce enterprise-level policies, lower cost of ownership and reduce risk. PatchLink is headquartered in Scottsdale, Arizona and was founded in 1991 by Sean Moshir.</p>
<p>©2007 PatchLink Corporation. All rights reserved. PatchLink, SecureWave, the PatchLink logo, and the PatchLink and Sanctuary product names and logos are either registered trademarks or trademarks of PatchLink Corporation. In addition, other companies’ names and products mentioned in this document, if any, may be either registered trademarks or trademarks of their respective owners.</p>
