Business
Qualys Threat Research Unit (TRU) Launches 2023 TruRisk Research Report
Insights provide data-backed, actionable steps for security teams to decrease risk and increase the resilience of their organization FOSTER CITY, Calif.,
About this update from Qualys, Inc.
[{"type":"text","content":"Insights provide data-backed, actionable steps for security teams to decrease risk and increase the resilience of their organization\nFOSTER CITY, Calif., March 28, 2023 /PRNewswire/ -- Qualys Inc. (NASDAQ: QLYS), a leading provider of cloud-based IT, security and compliance solutions, today released its 2023 TruRisk Research Report. The report traverses the global number of vulnerabilities detected by Qualys in 2022 – upwards of 2.3 billion. The findings of the report match the opportunistic behavior of threat actors who continue to be agile in modifying techniques to achieve successful exploits.\n\n \n \n \n \n \n \n\n \nAs digital transformation across businesses and governments is increasingly leveraged to accelerate productivity, new software tools to underpin these initiatives and programs is being developed quicker than ever. As technology continues to advance at a rapid pace, the number of software vulnerabilities surges, introducing significant levels of risk to organizations' environments.\nQualys' passion and vision for helping companies reduce their cyber risk has led the Qualys Threat Research Unit (TRU) to take a deep dive into the 13+ trillion events tracked by the renowned Qualys Cloud Platform. TRU mined anonymized detection statistics to uncover insights into the vulnerabilities found on devices, the security of web applications, misconfiguration of on-premises devices, and cloud security posture. Analysis of this extensive knowledgebase paired with TRU's unique visibility into threat actor activity – pre and post exploitation – yielded to five \"Risk Facts.\"\nRisk Fact #1: Speed is the key to out-maneuvering adversaries\nOn average, weaponized vulnerabilities are patched within 30.6 days while only being patched an average of 57.7% of the time. These same vulnerabilities are weaponized by attackers in 19.5 days on average. This means that attackers have 11.1 days of exploitation opportunities before organizations are able to patch.\nRisk Fact #2: Automation is the difference between success and failure\nAccording to the study, patches that could be automatically deployed were implemented 45% more frequently and 36% faster than manually deployed patches. Vulnerabilities where an automated patch could be applied have a mean time to remediation of 25.5 days while manually patched vulnerabilities took 39.8 days t...