“2018 will be the year of virtual patching and the year that improving patch cycles for enterprise applications becomes a priority…”
The ability to rapidly apply a patch that functions like a physical patch without taking the vulnerable app out of production or making any code changes – must be an evaluation (and ultimately, deployment) priority in 2018. We have seen this issue arise as a recent study by CA Veracode found that only 14% of high severity code flaws – the kinds that lead to headline stealing security breaches – are fixed in less than 30 days. That means 86% take longer than 30 days. This is too long of a time to address these issues as it takes less than a week for malicious hackers to set up shop inside an organization after exploiting a known vulnerability. This issue needs to be addressed head on in 2018 in order to avoid more breaches that are sure to come if vulnerabilities are left unpatched.
Read what other information security professionals had to say were their top infosec concerns.