QOTD - Pescatore on the State of Security in 2010

Ninety percent of attacks are exploiting vulnerabilities we already knew about, by missing patches, deciding not to patch, or uses of technology in which we made the decision to deploy without putting security controls on it. Less than 1% are zero-day attacks; the other 99% are exploited configurations and unpatched machines that the simplest vulnerability scan would've found.
The bottom line is the attack surface for threats is going up. There are more moving parts in the way we're consuming and delivering IT. ... There's all the opportunity for a bot to take hold. -- John Pescatore, vice president and research fellow at Gartner Research
Src: Gartner: Enterprises must learn to detect botnet threats

No comments: