With the overabundance of various computer viruses and worms slithering relentlessly all over the Internet, 2003 alone saw nearly 80% of businesses disrupted even if they used antivirus protection software, according to the Yankee Group.
It's a daunting task for security managers to constantly keep up with their network's vulnerabilities, bringing up the question: How do you best protect a network without spending a ridiculous amount of money or allocating an unrealistic amount of time to do so?
The answer might be easier than you think. According to the Dynamic Best Practices in Vulnerability Management report commissioned by the Boston-based technology research firm, security managers need to incorporate four simple best practices when securing their networks from vulnerabilities.
They include: classifying network assets by their value to business; integrating the most current vulnerability management solutions; measuring a network on a 30-day cycle and charting the security team's performance so the end result is risk reduction; and auditing critical assets every five to 10 days to identify vulnerabilities and protect against exploits.
"Security landscapes are constantly being exploited and businesses must now take a proactive approach by performing regular security audits to their networks or risk losing critical information," said Eric Ogren, a senior analyst at the Yankee Group.
The Yankee Group report is based on findings from the Laws of Vulnerabilities, a document about external network vulnerabilities authored by Qualys Inc., a provider of security audit and vulnerability management services.
Gerhard Eschelbeck, chief technology officer at Qualys, collected data from more than three million IP scans across thousands of business enterprise networks around the world.
"In conducting this research, I found more than 2,000 different vulnerabilities on the Internet and realized that even vulnerabilities that are patched can still resurface, due in part to application upgrades," stated Eschelbeck.
Qualys plans a follow-up to this report and will also conduct research into internal network vulnerabilities; both reports are due out this summer.