Sifting For Software Vulnerabilities Drains Security Staff

A survey sponsored by SecurityFocus, a security-intelligence firm, has found that security professionals spend more than two hours each day hunting for the security information they need to protect their company's digital assets. The 266 respondents included system administrators, security engineers, programmers, network engineers, and security analysts.

Andrew Bagrin, manager of network planning for Regal Cinema, says that despite his company's effective use of security applications, keeping a constant vigil for new vulnerabilities and viruses is always on his mind. "There's a steady flow of new information and threats you have to always keep up with," he says.

Survey respondents spend roughly 25% of the workday filtering through security information. But 57% of respondents said they didn't spend too much time at the task. Also, 42% spend more than two hours a day, and 18% invest more than six hours of their day educating themselves about new threats.

Pete Lindstrom, director of security strategies at Hurwitz Group, says part of the struggle for security administrators is sifting through security information to find what's applicable to a company's particular network and applications. "It's not a matter of there being too little information available," he says. "There is so much security and vulnerability information being released every day, it's tough to cut through all of the noise."