The ongoing struggle to update vulnerable software by finding and applying the right patches in a timely manner has led half of enterprise IT departments to use Web application firewalls (WAFs) either in lieu of patching or to offer some protection before patching can be achieved.
This comes from a new Dark Reading report, “How Enterprises Are Securing the Application Environment.” The survey asked 136 IT, cybersecurity, and application development professionals from organizations across more than 20 industry verticals about their application development practices.
The difficulty of finding and applying security patches is well known. In a recent series of ransomware reports, cyber-risk management company Black Kite noted that patch management was a continuing weakness across industries as varied as pharmaceuticals and auto manufacturing. While safe and reliable automation is in development, IT departments often have to make do with risk-based management and harm-reducing workarounds.
When the Dark Reading survey asked respondents in 2022 how they use WAFs to reduce risk to their Web applications, 14% admit to using WAFs instead of patching flaws, and 36% say they use WAFs as a…
