Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Vulnerability Management Priorities Shifting Focus in APAC

Tenable recently commissioned Forrester Consulting to conduct the April 2016 study, Vulnerability Management Trends In APAC: Managing Risk In The Age Of The Customer, to examine how organizations in the Asia Pacific region are handling their vulnerability management strategies and investments. After surveying more than 100 enterprise security decision-makers, it is apparent that reducing risk and increasing security posture is a top priority for enterprises in the region.

About the study

The survey was taken from five specific areas in APAC, with 25% of respondents coming from each region: China, Singapore, Japan, Australia, and New Zealand. The majority of respondents, 52%, came from companies with 1000-4999 employees. All respondents were manager level or above working in IT, and responsible for vulnerability management at their respective organizations. Those surveyed came from a variety of industries, including telecommunications services, financial services, retail, and more.

Managing risk a top priority

The way organizations view vulnerability management is changing. Rather than the traditional focus on compliance, vulnerability management solutions are shifting to a risk based approach. Only 23% of those surveyed would still prioritize compliance above understanding their risk posture.

Only 23% of those surveyed would still prioritize compliance above understanding their risk posture.

Instead, 40% of APAC security decision-makers would classify their vulnerability management programs as strategic, responsible for helping the organization understand risks associated with their most important assets.

Attacks on the rise

This renewed focus on risk is certainly warranted. According to the survey, 80% of companies had experienced at least one attack over the past 12 months. Of all the types of attacks seen by respondents, phishing and DNS-based attacks were the most common. These incidents had significant impact on those surveyed, including lost productivity, loss of business renewals, and loss of new customers.

Lack of continuous monitoring

Despite this renewed focus on risk management, only 22% of respondents currently monitor their environments continuously for new threats. Twice as many respondents, 44%, only scan their environments periodically, while 28% scan monthly. The prevalence of periodic scanning is troubling, as it can potentially leave gaps that provide attackers a window of opportunity to discover and exploit known vulnerabilities.

Only 22% of respondents currently monitor their environments continuously for new threats

The lack of continuous monitoring could be due to the fact that organizations are facing significant challenges with their current vulnerability management solutions. Respondents specified a number of different challenges, including having difficulty remediating breaches across security and operations, an inability to prioritize vulnerabilities, and difficulty accounting for evolving mobile and cloud threats.

These difficulties have led APAC security professionals to consider expanding their investments into more advanced vulnerability management and continuous monitoring solutions. When making these investments, the survey found that organizations were looking for several key capabilities:

  • Ability to identify, scan, and protect devices
  • Active scanning
  • Benchmarks to compare current security controls
  • Continuous scanning/listening capabilities
  • High visibility across IT infrastructure, including the ability to scale coverage across cloud, virtualized, and mobile environments

These desired capabilities demonstrate a need for organizations to be able to manage the increased risk of technologies and devices being introduced into the corporate environments by employees, customers, and partners. Business leaders expect to expand their operations with cloud and mobile technology, and to do that securely they must have continuous visibility into those assets, which provides critical context that can be used to take decisive action against potentially harmful vulnerabilities.

A Tenable solution

Tenable Nessus® is the industry’s most widely deployed vulnerability management solution and has been deployed by more than one million users across the globe. Combined with SecurityCenter™, organizations utilizing Tenable have access to the industry’s broadest asset and vulnerability coverage, uniquely positioning them to develop a successful vulnerability management program.

Those looking for a continuous monitoring solution turn to SecurityCenter Continuous View™, which Tenable believes solves many of the challenges mentioned in this study by providing advanced analysis of vulnerability and threat data, network traffic and event information to deliver a continuous view of IT security across all environments.

Resources

Want to know more about how to move your vulnerability management program forward? Check out these Tenable resources:

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training