Automation is the key to IT vulnerability discovery

Speakers at the BT/Skybox Security-sponsored event said that their research and observations highlighted the need for continuous management of risks and vulnerabilities to keep data and networks secure against key threats.

The event - which brought together 40 senior IT and infosecurity staff from several organisations - highlighted the scale of the challenges faced by IT staff, with 75% reporting significant growth in their networks in the past year.

According to Craig Coward, a spokesperson for Skybox Security, the majority (63%) said they used automated solutions for identifying risk and compliance issues, and vulnerabilities in their network.

"When asked to name the single IT risk or compliance issue that kept them awake at night, 44% named identity and access management", he said, citing polling research carried out at the event.

"38% also expressed concerns about board-level interference with security policy decisions, and 18% said cutting risks of data leaks and losses was the issue that concerned them the most".

Speaking at the event was Ray Stanton, BT's global head of business continuity, security and governance requirements, who used his presentation to show how organisations that manage risks effectively are better positioned to respond to - and remedy - adverse events, helping to protect their brand reputation and control costs.

Stanton cited the example of Credit Suisse, which deployed Skybox's risk management solution to automate risk assessments, performing these daily instead of semi-annually.

This, he said, gave Credit Suisse a full return on investment (ROI) within one year and a 300% ROI in three years.

Also speaking was Stephen Bonner, global head of information risk management for the Barclays Group, who made the point that organisations can either approach compliance as a checklist of controls to satisfy auditors without managing or reducing risks.

Alternatively, he said, they can use compliance methodology and risk management tools to improve their security and compliance stance and cut costs.

What’s Hot on Infosecurity Magazine?