Report

State of Enterprise Vulnerability Detection and Patch Management

Demographics of the report

Insights uncovered in this report

The majority of companies (76%) are deploying automated patching procedures.

75% of respondents said that they relied on manual online research as one of their tools to find out more about dangerous vulnerabilities, making this the most commonly used tool.

Most respondents said that CentOS itself, or another CentOS fork, is their predominant server OS.

73% of respondents said that their server fleets use just one OS, with just 27% indicating that they use a mix of operating systems in their server fleets.

Ideal Vulnerability Management Tool Features

Vulnerability management tools are relatively complex and typically carry a steep learning curve, while features and capabilities vary from product to product. We asked respondents what features they would like to see in their ideal vulnerability scanner and patch management tool. Responses varied; preferences included “logging”, “minimal impact on system resources”, “phased rollouts” and “detection of backported fixes”.

How do you cope with detected vulnerabilities?

Emergency maintenance windows are arguably the most disruptive mechanism that organizations use to respond to emerging CVEs, but they were nonetheless the preferred choice when dealing with a known vulnerability. It can therefore be suggested that, for over 70% of respondents, the risks associated with a potential security breach outweigh operational and availability considerations.

The only non-disruptive vulnerability mitigation method used, live patching, was chosen by nearly half of the respondents. Interestingly, many respondents replied that they cope with vulnerabilities simply by waiting for the next periodic maintenance window. This, in turn, implies that their systems will remain vulnerable during the waiting period.

Average hours of downtime for patching per week, per industry

Most industries reported less than two hours per week lost to patching procedures. However, two industries reported outsize numbers: transport and logistics, and media and creative, both reported considerably higher hours lost due to patching.

Across industries, documenting the patching process does not consume a significant amount of time when compared to other patching-related tasks; in fact, documenting the patching process consumes the least amount of time.

In some industries, obtaining approval for a maintenance window can be the most time-consuming element of the patching process, in some cases consuming more time than applying, documenting, or monitoring patching.

The survey is still running.

Participate and get a chance to win one of ten Certified Kubernetes Administrator Certifications from The Linux Foundation.

How TuxCare can help your organization

Live Patching Services

Put an end to service interruptions & non-compliance caused by system reboots

End-of-life Linux Support Services

Eliminate security vulnerabilities while running End-of-Life Linux

Linux Support Services

Keep all components of the production Linux systems always up-to-date with vendor-level support services

All TuxCare services include integrations with patch management tools, vulnerability scanners, the ePortal secure patch server, and 24/7 support.

Download the report
