“Organizations are Struggling to Identify and Correct Vulnerabilities and Misconfigurations in Virtual and Cloud Environments”
~Those using an attack surface visibility tool are significantly more likely to be satisfied with ability to analyze and prioritize~
Skybox® Security, a global leader in security analytics, released today the results of its 2016 Trends Report: Analyzing the Attack Surface.Prepared for Skyboxby theresearch firm CyberEdge Group, the report detailsfindings from a global survey of 275 IT professionalsatenterprises and government agencies with more than 500 employees. It presents data on how IT organizations are using automated tools to identify, analyze and prioritize vulnerabilities and misconfigurations concealed on their networks — physical, virtual and cloud.
Among the key findings: organizations are least automated(and least confident) in areas related to (a) collecting data about virtual and cloud–based systems and applications and (b) analyzing and remediating firewall rules that violate policies and regulations.These are the areas, therefore, with the most room for improvement in the immediate future, especially considering that many organizations are quickly transitioning to hybrid IT networks and regulatory requirementsworldwide areincreasing and becoming more strict.
For example, while a near-perfect 92 percent of organizations use automated tools to detect vulnerabilities on hosts and servers, only 54 percent use automated tools to assess security controls on cloud–basedsystems and applications.
The data points to other areas that need improvement, particularly for tasks involving remediation and provisioning. Although most organizations automate the process of pushing patches (between 74 and 81 percent), approximately half of the organizations (between 44 and 53 percent) haveprimarily or completely manual processes for most other areas. This includes: remediating misconfigurations on servers and network devices,systems and data access rules, andfirewall rules that violate policies; provisioning firewalls, firewall rules and security.
“The lack of an automated approach among so many organizations is alarming, especially when you considerthat the industry is experiencing a severe shortage ofsecurity professionals,” said Skybox Director of Product Marketing Kevin Flynn. “And in the very near future, regulations will become more burdensome — and the consequences of not meeting those regulations more painful — so organizations should really be investigating tools that automate configuration, vulnerability and policy management.”
Additional key findings:
• The extent of satisfaction that IT professionals have with their current capabilities tends to go hand-in-hand with the extent of automation for processes related to vulnerabilities and misconfigurations.
• Having an attack surface visibility tool had a particularly strong impact on an organization’s satisfaction with its ability to address compliance issues and regulatory requirements.
To view the full report from Skybox Security, click here.