Network Resilience Coalition formed to enhance patch and vulnerability management

The Network Resilience Coalition, a new alliance focused on securing data and networks that support global economic and national security, has been formed by industry leaders across cybersecurity, networking, and service providers. This coalition aims to improve network hardware and software resilience on a global scale, bringing together infrastructure vendors and major network operators experienced in deploying patches to inform good vulnerability management policy. Founding members of the coalition include Cisco Systems, Palo Alto Networks, Fortinet, Juniper Networks, AT&T, BT Group, Lumen Technologies, Verizon, Broadcom, Intel, and VMware.

According to a press release from the Center for Cybersecurity Policy & Law, organizations often lack robust patching and vulnerability management programs or fail to install critical updates promptly, despite the efforts of software and hardware vendors to provide strong and secure products and services. The Center for Cybersecurity Policy & Law is an independent organization that provides practices and policies to better manage security threats to government, private industry, and civil society.

Patch and vulnerability management is a persistent challenge for many organizations. A report titled “State of Vulnerability Management in DevSecOps” revealed that over half of 634 IT and IT security practitioners have backlogs consisting of more than 100,000 vulnerabilities, with the average number of vulnerabilities in backlogs reaching 1.1 million. Additionally, 54% of respondents stated they were able to patch fewer than 50% of the vulnerabilities in their backlog, and 78% said that high-risk vulnerabilities in their environment take longer than three weeks to patch. The largest percentage, 29%, noted that it takes longer than five weeks to patch.

Several factors contribute to the difficulty of remediating vulnerabilities. The report identified an inability to prioritize what needs to be fixed, a lack of effective tools, a lack of resources, and insufficient information about risks that would exploit vulnerabilities as common obstacles. Furthermore, the “2023 Unit 42 Network Threat Trends Research” report revealed a 55% increase in the exploitation of vulnerabilities in 2022 compared to the previous year.

However, there is some positive news regarding vulnerability management. Research conducted by Bitsight found that the number of organizations vulnerable to data leaks due to security vulnerabilities in MOVEit Transfer software has significantly decreased: at least 77% of the initially affected organizations are no longer susceptible. The research also revealed that organizations are remediating MOVEit vulnerabilities 21 times faster than other vulnerabilities. Progress, the developer of MOVEit, issued an advisory on May 31 about a critical vulnerability in its MOVEit Transfer product. Subsequently, two more vulnerabilities were identified on June 9 and June 15, followed by three more vulnerabilities discovered on July 5.

The Center for Cybersecurity Policy & Law emphasizes that technology companies must address the ongoing problem of poor implementation of software and hardware updates and patches. It is essential for organizations to have better visibility into their networks to effectively mitigate cyber risks. The coalition members will work together on a report that investigates the root of these issues and provides clear, actionable recommendations for improving network security for technology providers, technology users, and those involved in creating or regulating security policies.
