How well do your Linux security practices fare in today’s challenging operating environment? Are you following the right processes to keep systems up to date and protected from the latest threats? Now you can find out thanks to research independently conducted by the Ponemon Institute.
The study, sponsored by TuxCare, aimed to better understand how companies currently manage the security and stability of their Linux-based systems. The results enable all organizations running Linux-based systems to benchmark their processes against those of their competitors and best practices.
You can get a copy of the full report HERE if you can’t wait to see the results, but we’ve highlighted the key findings below if you want a preview.
Understanding the current state of enterprise Linux security management has never been more important. The number of large and critical vulnerabilities is growing significantly every year, and exploits against it are deployed at an accelerated rate.
TuxCare previously sponsored the Ponemon Institute to research how organizations manage the security and stability of their Linux-based systems. This research has been of tremendous benefit to organizations running Linux-based systems.
Ponemon updated the research to see how the threat management landscape is changing and to provide insights into how organizations have adapted and refined their practices. Additionally, the updated reports provide a deeper understanding of the security risks and mitigation strategies currently in place.
The latest findings
Enterprises spend an average of $3.5 million annually to monitor their systems for threats and vulnerabilities and to implement patch management processes. These costs to businesses include the productivity impact of system downtime associated with patching.
Organizations spend approximately 1,075 hours each week monitoring and patching systems. This includes 340 hours of system downtime while patches are applied, putting considerable pressure on security teams when downtime impacts productivity. In fact, 45% of respondents said their organization does not tolerate patching downtime. This is a problem that live patching solutions can eliminate, which is why 76% of respondents have adopted this technology.
However, the study found that despite this investment, respondents were not entirely confident that they would be able to quickly find and fix all critical vulnerabilities in their systems to reduce security risks to an acceptable level. Over 56% of respondents spent more than a month patching high-priority critical vulnerabilities when they realized their systems were vulnerable. Additionally, 5% of respondents said it took them over a year to apply critical patches. This represents a deterioration of the situation from previous research and an increased business risk.
As long as a system has an unpatched vulnerability, that system is vulnerable to exploits. The disclosure of vulnerabilities causes attackers to work on methods to exploit the vulnerability and techniques to look for exploitable systems. Fast patching doesn’t just give you peace of mind that your systems are secure. It can also be crucial to meet regulatory requirements.
Even more notable were the findings that about a third of organizations are unaware of their responsibilities for the security of cloud-hosted systems, provided the hosting company has managed them. Many cloud-hosted systems without active security management rely on standard security controls and luck to avoid an attack.
Organizations are at risk because they cannot identify and remediate vulnerabilities quickly enough for all of the systems they are responsible for managing. The study found that only 43% of respondents believe they have sufficient resources and in-house expertise to patch in a timely manner. Additionally, respondents identified a lack of accountability for patch management and the assignment of responsibilities outside of IT security functions as contributing factors.
Research also shows increasing automation of day-to-day system administration activities. The standardization and repeatability of processes are positive factors for system security and stability, and respondents who implemented automation reported a significantly faster response time to vulnerabilities.
To read the full report and all of its detailed findings related to Enterprise Linux Security, you can get your free copy HERE.