Best Practices Derived from Laws of Vulnerabilities Research Identifies Weekly Auditing of Critical Assets as Top Security Priority
InfoSec World Conference, Orlando, FL — March 23, 2004 — The Yankee Group today announced the development of Dynamic Best Practices in Vulnerability Management to help organizations better manage network resources to identify and eliminate security weaknesses in a timely manner. Implementing dynamically changing best practices in vulnerability management is the most effective preventative measure security administrators can use to thwart automated attacks and preserve network security. The guidelines and metrics developed by the Yankee Group were derived from The Laws of Vulnerabilities research, authored by Gerhard Eschelbeck, CTO of Qualys. The Dynamic Best Practices in Vulnerability Management is a custom consulting report contracted by Qualys from the Yankee Group.
“Performing regular security audits is a vital step companies must take to keep up with the changing security landscape,” said Eric Ogren, Senior Analyst at the Yankee Group. “With each new breed of attack, it is clear that best practices in IT security must be achieved for organizations to effectively protect critical network assets.”
The Dynamic Best Practices in Vulnerability Management are based on key findings from The Laws of Vulnerabilities. The best practices apply vulnerability management as the one solution IT can count on to measure and manage the effectiveness of a network defense program. The Laws of Vulnerabilities are derived from the industry’s largest vulnerability dataset and reveal vulnerability half-life, prevalence, persistence, and exploitation trends. These trends were drawn from statistical analysis of vulnerabilities collected by more than three million scans during a two-year period.
Based on these Laws, the Yankee Group defines four dynamic best practices for vulnerability management as:
“Regulations such as HIPAA and Sarbanes-Oxley, coupled with recent threats from viruses like MyDoom, have required companies like Geisinger to adopt industry best practices that will ensure compliance and proactive network protection,” said Jaime Chanaga, Chief Information Security Officer for the Geisinger Health System in Pennsylvania. “Yankee Group’s best practices underscore the importance of continuous vulnerability scanning in today’s changing threat environment.”
Yankee Group and Qualys are presenting these Best Practices in Vulnerability Management at a panel discussion at InfoSec World on Tuesday, March 23rd at 6:00 p.m. To access the entire research report, please visit the Qualys website at: https://www.qualys.com/yankee.
The Laws of Vulnerabilities are:
The Yankee Group is the global leader in communications & networking research and consulting. The company helps businesses understand the opportunities, risks and competitive pressures of developing, deploying and consuming products and services that drive communication or information exchange. Now in its fourth decade, the Yankee Group is based in Boston with offices throughout North America and Europe. http://www.yankeegroup.com
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.