Digital Defense, Inc. (DDI), a global security risk assessment provider, has released the final report of a Ponemon Institute commissioned study, Vulnerability Data Refinery Validation Study, that evaluates the market receptiveness to the company’s new security technology. The report follows the June release of the study’s preliminary findings which were disseminated during the Gartner Security & Risk Management Summit and includes deeper context surrounding the findings.
DDI’s new Vulnerability Data Refinery (VDR) offering refines data from a variety of assessment sources producing higher quality guidance to remediation teams to more efficiently address findings. Through integration via application programming interfaces, the VDR also provides more intelligent guidance to enforcement technologies to protect information assets on a more proactive basis.
The Ponemon study included participation primarily by senior information security professionals, with 58% representation from Chief Information Security Officers (CISOs). Key findings of the report include:
- 93% of respondents associated high levels of importance with VDR’s vendor agnostic capability (58% very important; 35% important).
- 95% of respondents indicated strong levels of importance (65% very important; 30% important) associated with the capability for VDR to improve the accuracy of standalone security intelligence tools by importing data from complementary and overlapping data sources.
- 80% of research respondents positively rated the VDR design (50% very positive and 30% positive).
Qualitative results, as noted in verbatim responses below, demonstrate the need for technology that can increase efficiencies and accuracy in identifying true risk through the refinement of assessment data.
“I especially like the idea of using existing threat assessment tools and intelligence feeds from different vendors.”
“I would gladly implement this (VDR) solution for the right cost.”
“I’m a big fan of risk-based security frameworks…The three-way exam of risk - - namely network weakness, threat and value of the underlying information assets is brilliant.”
Dr. Larry Ponemon, chairman and founder of Ponemon Institute states, “A majority of respondents in the study believe cyber attacks diminish their organization’s economic viability bottom line or mission. They also acknowledge the reputational impact with customers and business partners as a result of system downtime caused by cyber attacks. In summary, we believe that there is significant market demand and opportunities for solutions such as VDR.”
DDI’s executive vice president and chief technology officer Gordon MacKay who has been spearheading the company’s development of VDR, also commented on the research. “This study provides valuable insight to move forward with refinement of VDR. In addition to the quantitative data, the qualitative feedback will be instrumental in evaluating how the technology is rolled out. We have been promoting the importance of scan reconciliation for years and the results further validate the need for this process in order for organizations truly understand their security posture.” MacKay can be followed on Twitter @gord_mackay