More

    The State of Our IT Security Vulnerabilities

    If you’re getting the feeling that your IT staff is spending more time than ever patching software because of security issues, you’re probably right.

    The latest X-Force security report from IBM shows that 2010 had the largest number of security vulnerabilities, 8,562 to be exact, in history. That’s a 29 percent increase over 2009. But worse yet, the severity of those vulnerabilities is increasing, while the amount of time it takes for hackers to exploit them is decreasing.

    Unfortunately, the IBM report also shows that by the end of 2010, 44 percent of all the vulnerabilities disclosed had yet to be patched. No doubt many of those vulnerabilities are now being patched in 2011, but Tom Cross, IBM X-Force threat intelligence manager, says the report clearly shows the need for continuous security vigilance. That may mean a move to rely on a security service because IT organizations can no longer keep pace with all the vulnerabilities that can now manifest themselves on a number of platforms.

    The IBM report makes it clear that the vast majority of the vulnerabilities being disclosed affect Web applications, which in 2010 were particularly prone to attacks being made through either Adobe PDF and Flash vulnerabilities or SQL Injection and Cross-Site Request Forgery attacks. Regardless of the method, the report notes that 49 percent of vulnerabilities disclosed in 2010 affected Web applications.

    Some would say that the increase in vulnerability disclosures represents progress in terms of making our systems more secure. But others would argue that it highlights deeply flawed application development processes that result in huge post-production deployment costs that are pushed onto customers.

    The good news is that there has been progress in terms of combating spam and phishing, but the report does acknowledge that this may be as much a result of the purveyors of malware deciding to opt for more efficient mechanisms for delivering payloads. For instance, while there were some high-profile takedowns of botnets in 2010, overall botnet activity began to rise again by the end of the year. That suggests that the builders of malware have created new, more efficient ways of automating the delivery of malware.

    No matter how you look at it, security management is getting more complex with each passing day. The question that IT organizations need to ask themselves is given the ever-increasing attack surface that needs to be defended, can they really afford to go it alone anymore? Odds are that the answer is going to require higher levels of security automation just to keep pace with the sophisticated attack methods that the bad guys are using.

    The State of Our IT Security Vulnerabilities - slide 1

    Click through for results from an IBM security study.

    The State of Our IT Security Vulnerabilities - slide 2

    Despite best efforts it’s on the rise.

    The State of Our IT Security Vulnerabilities - slide 3

    The rise and fall.

    The State of Our IT Security Vulnerabilities - slide 4

    The bad guys are getting sneakier.

    The State of Our IT Security Vulnerabilities - slide 5

    A much favored line of attack.

    The State of Our IT Security Vulnerabilities - slide 6

    A popular way to compromise Web applications.

    The State of Our IT Security Vulnerabilities - slide 7

    Lots of usual suspects.

    The State of Our IT Security Vulnerabilities - slide 8

    It's definitely on the rise.

    The State of Our IT Security Vulnerabilities - slide 9

    SQL Slammer dominates.

    The State of Our IT Security Vulnerabilities - slide 10

    A major shift up and to the right over the years.

    The State of Our IT Security Vulnerabilities - slide 11

    The size of Spam messages is increasing.

    The State of Our IT Security Vulnerabilities - slide 12

    Spammers are relying less on volume.

    The State of Our IT Security Vulnerabilities - slide 13

    But there was a sudden spike at the end of the year.

    The State of Our IT Security Vulnerabilities - slide 14

    As a source, trusted domains are leveling off.

    The State of Our IT Security Vulnerabilities - slide 15

    Numbers are dropping.

    The State of Our IT Security Vulnerabilities - slide 16

    More in 2010 than any other year.

    The State of Our IT Security Vulnerabilities - slide 17

    Things are getting worse.

    The State of Our IT Security Vulnerabilities - slide 18

    Disclosures of exploits are coming faster than ever.

    The State of Our IT Security Vulnerabilities - slide 19

    Just about half are related to Web applications.

    The State of Our IT Security Vulnerabilities - slide 20

    Plug-ins are often the culprit.

    The State of Our IT Security Vulnerabilities - slide 21

    Adobe Flash Player has emerged as a problem.

    The State of Our IT Security Vulnerabilities - slide 22

    Everywhere but the Hypervisor.

    The State of Our IT Security Vulnerabilities - slide 23

    A major spike in 2010.

    The State of Our IT Security Vulnerabilities - slide 24

    Expect this number to keep rising.

    Latest Articles