The ongoing struggle to update vulnerable software by finding and applying the right patches in a timely manner has led half of enterprise IT departments to use Web application firewalls (WAFs) either in lieu of patching or to provide some protection before patching can be accomplished.
This comes from a new Dark Reading report, “How Enterprises Are Securing the Application Environment.” The survey asked 136 IT, cybersecurity, and application development professionals from organizations across more than 20 industry verticals about their application development practices.
The difficulty of finding and applying security patches is well-known. In a recent series of ransomware reports, cyber-risk management company Black Kite noted that patch management was a continuing weakness across industries as diverse as pharmaceuticals and auto manufacturing. While safe and reliable automation is in development, IT departments often must make do with risk-based management and harm-reducing workarounds.
When the Dark Reading survey asked respondents in 2022 how they use WAFs to reduce risk to their Web applications, 14% admitted to using WAFs instead of patching flaws, and 36% said they use WAFs as a temporary safeguard before getting around to patching. Still, that is an improvement over 2021, when the numbers were 19% and 23%.
How enterprises use WAFs shifted more than the number of companies that use the tool. The proportion of respondents who say they use WAFs as part of layered defenses rather than as a kind of temporary patch dropped from 30% in 2021 to 24% in 2022. However, the total percent of those who use WAFs stayed nearly the same: 74% in 2022 versus 72% in 2021. It seems that despite the technology’s shortcomings, WAFs continue to be useful ingredients in the cybersecurity pantry.