A new report from Zafran Security shows that enterprise risk management is shifting from volume to value, and from patching everything to fixing what matters most.
The study, carried out by Foundry MarketPulse, reveals that only one in 50,000 vulnerabilities actually pose a critical risk — and the ones getting exploited the most are often old, quiet, and ignored.
Nearly three-quarters of respondents (73 percent) consider it highly important for vulnerability management solutions to prioritize risk using IT context, but 81 percent say there are challenges in that process.
Improving risk prioritization is the number one reason 45 percent cite for adopting a new vulnerability management solution, followed by: enhancing visibility into real-time vulnerability exposure and risk levels — 44 percent, and expediting the remediation of vulnerabilities with the highest business impact — 40 percent.
“Far too often, organizations default to prioritizing vulnerability patching based solely on CVSS scores, which can create a misleading sense of security,” says Nate Rollings, field CISO at Zafran. “To truly reduce risk, it’s critical to shift toward a modern,…
