As the 2017 Equifax data breach illustrates, unpatched software represents a massive cybersecurity challenge for enterprises today. In that case, the vulnerability in question was well known, and a patch was available. Equifax simply hadn’t applied the patch.
On the surface, this ‘patching gap’ – the time between the availability of a patch for a software vulnerability and the application of that patch – shouldn’t be that long. After all, what’s so difficult or time-consuming about applying a patch?
In large organizations, however, the answer is: quite a bit. “Patching is a losing battle,” explains Sean Convery, VP and GM of the Security Business Unit at ServiceNow. “There are so many open vulnerabilities – sometimes in the millions. People are barely staying ahead of the most urgent vulnerabilities.”
Enterprises typically have thousands of different pieces of software, ranging from mobile apps on phones to legacy systems of record running in on-premises data centers – and everything in between.
Furthermore, such software is typically a mix of commercial off-the-shelf (COTS) packages, open source software, and custom-built applications. Vulnerabilities crop up in all of these on a regular basis.
Intellyx publishes the Agile Digital Transformation Roadmap poster, advises companies on their digital transformation initiatives, and helps vendors communicate their agility stories. As of the time of writing, ServiceNow is an Intellyx customer. None of the other organizations mentioned in this article are Intellyx customers. Image credit: GlueGunGlory.