WannaCry Exposed Gaping Risk Window between Identifying Vulnerability Risk and Fixing It
Flexera’s New Software Vulnerability Manager First to Shut Risk Window…for Good
Itasca, IL - June 20, 2017 - When WannaCry hit, the world learned that for two months a patch had been available that would have prevented the problem. But its victims were those that hadn't yet deployed this patch. As many companies discovered the hard way, there is an unacceptable 'risk window' that persists between the discovery of a software vulnerability and when the patch is successfully installed. In 2016, 17,147 vulnerabilities were recorded in 2,136 products from 246 vendors. 81 percent of those vulnerabilities had patches available on the same day as disclosure. But, on average, it takes companies 186 days to completely install those patches. This risk window gives hackers plenty of opportunity to exploit vulnerabilities, and perpetrate attacks with costly consequences to businesses.
Flexera, the company reimagining how software is bought, sold, managed and secured, today announces that it is closing the risk window. Launched today, Software Vulnerability Manager is the first product to fix the broken remediation process, helping companies shut the risk window by quickly identifying, prioritizing and patching vulnerabilities used as entry points by hackers. With the launch of Software Vulnerability Manager, CEOs can now rest easier.
"The disconnect between IT Operations and Security is a great example of organizational misalignment and yet another instance of how software is a 'highly dysfunctional supply chain'. Without technology and alignment bridging this gap, companies face unacceptable risk - as the WannaCry attacks laid bare to the world," said Jim Ryan, Chief Executive Officer at Flexera Software. "Before Software Vulnerability Manager, there was a huge time lag between IT Security identifying and prioritizing dangerous software vulnerabilities, and IT Operations patching them. With this release today, these teams can finally be on the same page, collaborate and slash the time it takes to eliminate vulnerability risk."
Bye Point-of-Failure, Hello SecOps
When WannaCry-type attacks arise, they confirm that remediation remains a constant point of failure in vulnerability management programs. Software Vulnerability Manager uses vulnerability intelligence, powered by Secunia Research at Flexera, to allow organizations to continually track, identify and remediate vulnerable software - before exploitation leads to costly breaches. It bridges existing gaps in vulnerability management programs, and connects IT Security and IT Operations to ensure a smooth hand-off from identification to remediation, significantly reducing the risk window.
"WannaCry sent a loud and clear message to every CIO and CISO around the globe - closing the vulnerability risk window is critical to keep businesses secure," said Tom Canning, Vice President of Solutions and Strategy at Flexera Software. "The time is ripe for IT Security and IT Operations to work together more effectively and efficiently with shared accountability, processes and tools that prove we don't need to sacrifice security for uptime and performance. With Software Vulnerability Manager, IT Security and IT Operations teams can implement SecOps initiatives to be true company champions. It is the only security solution to provide access to timely vulnerability advisories, accurate assessments and security patches - all in a single platform."
1 Verizon's 2016 Data Breach Investigations Report