{"id":15888,"date":"2026-03-02T19:51:57","date_gmt":"2026-03-02T19:51:57","guid":{"rendered":"https:\/\/newestek.com\/?p=15888"},"modified":"2026-03-02T19:51:57","modified_gmt":"2026-03-02T19:51:57","slug":"vulnerability-monitoring-service-secures-public-sector-websites-faster","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15888","title":{"rendered":"Vulnerability monitoring service secures public-sector websites faster"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

An automated scanning system has cut the time it takes to fix cybersecurity vulnerabilities across public sector IT systems, reducing median remediation time for general cyber vulnerabilities from 53 days to 32, and slashing DNS-specific average fix times from 50 days to eight.<\/p>\n

The results come from the UK government\u2019s newly launched vulnerability monitoring service (VMS), which continuously scans more than 6,000 public bodies from doctors\u2019 offices and ambulance trusts to hospitals and the Legal Aid Agency, tracking every identified weakness until it is resolved. The service detects around 1,000 types of vulnerabilities and processes approximately 400 confirmed findings a month, the government said.<\/p>\n

\u201cCyber-attacks aren\u2019t abstract threats, they delay National Health Service appointments, disrupt essential services, and put people\u2019s most sensitive data at risk,\u201d said UK Minister for Digital Government Ian Murray<\/a> in a statement announcing the results at the annual Government Cyber Security and Digital Resilience conference. \u201cWhen public services struggle it\u2019s families, patients and frontline workers that feel it.\u201d<\/p>\n

Murray also unveiled a \u00a3210 million ($266 million) Cyber Action Plan and the launch of a first-ever government Cyber Profession, a program to recruit, train, and retain security talent across public services.<\/p>\n

Favorable comparison<\/h2>\n

Paul McKay, VP principal analyst at Forrester, said the numbers compare favorably against private sector benchmarks.<\/p>\n

\u201cThese median fix times are generally better than the figures vulnerability management vendors publish in benchmark studies, which log average fix time ranging from a few weeks to several months depending on vulnerability criticality and whether it is known to be exploited in other organizations,\u201d McKay said.<\/p>\n

The bigger problem in most organizations is not detection speed but communication, McKay said. Security teams that can\u2019t explain why a specific finding matters tend to see vulnerabilities pile up unresolved. \u201cLots of security teams struggle to do this, overwhelming technology teams with lists of thousands of vulnerabilities with unrealistic SLA timeframes to fix them,\u201d he said.<\/p>\n

The gap between average and best-in-class performance, he added, comes down to one thing: \u201cThe ability to cleanly articulate why vulnerabilities matter in terms of the business impact and show real rather than theoretical risk exposure.\u201d<\/p>\n

That clarity of communication, McKay said, matters more than the tools an organization deploys.<\/p>\n

Tools good, talk better<\/h2>\n

The UK government\u2019s VMS uses a combination of commercial and proprietary scanning tools to detect vulnerabilities in internet-facing assets.<\/p>\n

But McKay cautions against drawing the wrong conclusion from the results.<\/p>\n

\u201cProcess, accountability and taking ownership for explaining why this matters to the resilience of the business is far more important than the technical tooling,\u201d he said. \u201cBuilding a robust prioritization approach and a strong trusted relationship with peer stakeholders responsible for doing the work of patching and applying fixes, matters far more than the specific tooling chosen.\u201d<\/p>\n

The UK\u2019s VMS alerts responsible organizations with \u201cspecific, actionable guidance\u201d on each finding, rather than generating raw vulnerability feeds, and tracks progress until the issue is closed.<\/p>\n

The government cited DNS vulnerabilities as a specific example. Before the VMS, a weakness in a government DNS record could sit undetected for nearly two months. The service has closed that window to eight days.<\/p>\n

The statement also added that the service will expand to cover additional vulnerability categories, with fix times expected to fall further as it matures.<\/p>\n

The UK\u2019s National Audit Office (NAO), however, flagged a challenge the VMS alone cannot fix.<\/p>\n

The workforce challenge<\/h2>\n

Word of the success of VMS comes a month after the NAO reported that the cyber threat to government is \u201csevere and advancing quickly,\u201d<\/a> concluding that resilience levels were lower than previously estimated, and determined the government would not meet its own 2025 cyber resilience targets. It identified skills gaps as the single biggest risk to building lasting cyber resilience.<\/p>\n

The government said the new Cyber Profession is a direct response to those findings. Co-branded with the National Cyber Security Centre (NCSC) and the Department for Science, Innovation and Technology (DSIT), it will \u201cestablish a dedicated Cyber Resourcing Hub, a government Cyber Academy, an apprenticeship scheme, and structured career pathways\u201d aligned with UK Cyber Security Council standards. Manchester will serve as the primary hub, the statement added.<\/p>\n

\u201cThe launch of the government Cyber Profession will help attract and retain the most talented professionals with the top-tier skills needed to keep the UK safe online,\u201d NCSC CEO Richard Horne said in the statement.<\/p>\n

DSIT did not respond to requests for additional technical detail on the VMS by the time of publication.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

An automated scanning system has cut the time it takes to fix cybersecurity vulnerabilities across public sector IT systems, reducing median remediation time for general cyber vulnerabilities from 53 days to 32, and slashing DNS-specific average fix times from 50 days to eight. The results come from the UK government\u2019s newly launched vulnerability monitoring service (VMS), which continuously scans more than 6,000 public bodies from… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15888","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15888"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15888\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}