Action1 Corporation, a provider of the risk-based patch management platform, announced a new product strategy aimed at enhancing organisations' resilience to cyber threats.

In line with this strategy, the company is looking to add vulnerability discovery and prioritisation based on IT asset value to its patch management capabilities to empower organisations to proactively manage their security risks.

Here are the key drivers for the new Action1 strategy:

• The growing number of security vulnerabilities makes it challenging for organisations to manage vulnerabilities effectively. According to a Statista report, 22,514 common IT security vulnerabilities and exposures (CVEs) were discovered in 2022, the highest reported annual figure so far. Statista also indicates that organisations take, on average, between 290 and 180 days (about 6 months) to patch vulnerabilities.
• Delays in remediation are becoming exceptionally risky with the rapid exploitation of security vulnerabilities by ransomware gangs. Experts estimate that 56% of vulnerabilities are exploited within seven days of public disclosure, as attackers become more sophisticated and faster at exploiting vulnerabilities.
• However, there are signs signaling that the time to exploit vulnerabilities will decrease even further as the cost of cyber crime is growing alarmingly and is predicted to reach $8 trillion by 2023 and $10.5 trillion by 2025. The increasing complexity of hybrid IT environments exacerbates the challenge of managing cybersecurity risks.
• As noted in an IBM study, on average, enterprises use 45 security tools, leading to tool sprawl, which results in additional delays in the remediation of security vulnerabilities. Many organisations struggle with legacy approaches to patch management, which are labor-intensive and error-prone. According to the Action1 study, 73% of organisations patch at least some critical systems manually.

These factors increase the risk of cybersecurity breaches even further, underscoring the need for more streamlined and effective cybersecurity tools, the company states. As a result, defenders seek solutions that enable them to be more proactive in their cybersecurity efforts to mitigate the risks posed by increasingly active threat actors.

The new product strategy from Action1 Corporation aims to address these challenges. A single platform combining vulnerability discovery, prioritisation, and automated remediation, will enable defenders to allocate resources effectively and establish a more comprehensive approach to vulnerability remediation based on risk and IT asset value.

Furthermore, unifying a range of solutions into one reduces the number of systems needed to address cyber risks, streamlining cybersecurity efforts for organisations.  

Mike Walters, VP of Vulnerability and Threat Research and co-founder of Action1, says, "Organisations need to move beyond security to cyber resiliency with a focus on risk assessments. As attackers start exploiting known vulnerabilities shortly after patches are released, proactive solutions are needed to help IT teams identify and mitigate potential risks to their organisation."

Alex Vovk, CEO and Co-founder of Action1, says, "By adding vulnerability discovery and prioritisation to its robust patch management platform, not only will Action1 help IT teams fix vulnerabilities in a faster and more efficient manner, but it will also make the overall remediation process more cost-effective for enterprises."

The new product strategy is based on analysing feedback from thousands of users and is a result of close work with customers. Hence, it represents yet another expression of Action1s core mission: to help organisations build resilient security strategies while increasing IT efficiency and saving costs.

Action1 Vulnerability Discovery will be available in Q3 2023. Prioritization will be available in Q4 2023.