Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances
securityweek
The latest Verizon Data Breach Investigations Report (DBIR) landed this week with a startling statistic about the security posture of perimeter gear: barely half of the zero‑days exploited last year in VPNs and internet‑facing appliances were fully patched, and it took a median 32 days to get there.
Those weak spots, abundant in devices from Ivanti, Fortinet, SonicWall and Citrix, pushed vulnerability exploitation up 34 percent year‑over‑year, making it the second‑most common way professional hackers broke in, behind only stolen credentials.
“The percentage of edge devices and VPNs as a target on our exploitation of vulnerabilities action was 22%, and it grew almost eight-fold from the 3% found in last year’s report,” according to the DBIR.
“Organizations worked very hard to patch those edge device vulnerabilities, but our analysis showed only about 54% of those were fully remediated throughout the year.”
The findings match ...
Copyright of this story solely belongs to securityweek.