Remediation Snapshot: Manufacturing Sector

Partner: Kenna Security

Manufacturing organizations face a distinct remediation landscape often defined by harder-to-manage, non-Windows systems. This document offers a snapshot of remediation performance for the sector, leveraging data from over 40 manufacturing firms. While the sector appears to be lagging in raw speed, a deeper look at the data reveals that Manufacturing maintains a respectable level of control relative to the complexity of its environment.

Vulnerability density in Manufacturing is roughly on par with other sectors, yet the “half-life” of a vulnerability is twice as long (69 days vs 36). This lag is largely attributed to the significantly lower ratio of Windows systems in manufacturing environments, as Windows vulnerabilities are typically remediated much faster than those on other platforms. The report shows how manufacturers compensate for this lack of speed with better-than-average variation control.

Efficiency, rather than brute force, is the sector’s path to security. Manufacturing ranks among the top five sectors for remediation coverage, successfully addressing 80% of its high-risk vulnerabilities. This focus allows over 60% of manufacturing firms to manage their risk by either breaking even or reducing their high-risk vulnerability debt over time.

Key Findings

  • 2X Fix Delay: The typical half-life for a vulnerability in Manufacturing is 69 days, nearly double the 36-day average seen in other industries.
  • Moderate Density: Median vulnerability density for the sector is 10 flaws per asset, which is slightly higher than the typical cross-sector value of 7.
  • Top 5 for Coverage: A respectable track record of fixing 80% of high-risk vulnerabilities places Manufacturing among the top five performing sectors for coverage.
  • Low Windows Ratio: Remediation velocity is hampered by a significantly lower prevalence of Windows systems, which are fixed much faster than alternative platforms.
  • Six Sigma Indicators: High-density systems in Manufacturing aren’t “quite as bad” as top-tier high-density assets in other sectors, suggesting better control over technical variation.
  • The 1-in-10 Capacity Ratio: Regardless of the volume of issues, manufacturing firms remediate approximately 10% of their open vulnerabilities each month.

Performance snapshots based on remediation data from 40+ manufacturing firms and millions of individual vulnerability observations.