Top 5 attack surface challenges related to security operations

According to a newly released ESG study, just over half of all organizations (52%) say security operations are more difficult today than they were two years ago. When asked why, 41% pointed to an evolving and dangerous threat landscape, 38% identified a growing and changing attack surface, 37% said the number and complexity of alerts are driving the change, and 34% cited growing use of public cloud computing services.

Now, most of those challenges are déjà vu all over again, impacting security teams year after year. There is one exception, however: the growing attack surface. Sure, the attack surface has grown steadily since we all started using the Mosaic browser, but it has really taken off in the past few years. Blame Amazon, COVID or digital transformation, but companies are connecting IT systems to third parties, supporting remote workers, developing cloud-native applications and adopting SaaS services in record numbers. Add up all of these factors and a typical enterprise organization is responsible for tens of thousands of internet-connected assets.

Addressing the challenges of the attack surface

Yes, a growing attack surface is poised to upset the apple cart of security operations, but what are the real implications? ESG asked 376 security professionals that very question. Survey respondents identified five challenges associated with the growing attack surface.

  • Requires a deeper relationship with developers. This response reflects a gap between software development and security as companies build more cloud-native applications and continually deliver new capabilities to production apps. Do they use serverless functions? Are they connecting to insecure APIs? Leaving sensitive data in open S3 buckets? In many cases, security teams don’t know the answers to these questions. Cloud Security Posture Management (CSPM) tools can help, but they are not ubiquitous and are often owned exclusively by cloud development groups rather than shared with security. Bridging the security/developer gap should be a high priority for all CISOs.
  • Leads to a re-evaluation of current tools and processes. This is another common bugbear that continues to plague security operations teams. To discover and manage the attack surface, organizations typically start with existing tools – asset management systems, vulnerability scanners, log management, CSPM, etc. They quickly realize that collecting data from disparate systems takes a long time – 43% of organizations say it takes more than 80 hours to complete a full attack surface inventory. Because the data comes from multiple systems with different formats and naming, someone has to reconcile the results and check them for plausibility, which adds overhead and introduces human error. The result? 69% of organizations report having suffered a cyber incident as a result of an unknown, unmanaged, or poorly managed attack surface asset.
  • Increases the volume of vulnerabilities and associated patch cycles. That’s simple math. More assets = more vulnerabilities = more patch cycles. Some organizations have the processes and resources to keep up; many don’t.
  • Slows down security investigations and response actions. Security analysts may not have access to all the data they need and end up chasing it across different data sources. This contributes to the frequency of security incidents described above, as investigations drag on while analysts piece together what happened. Incident response is also likely to be incomplete, as security and IT teams fix some systems but overlook the full scope of an attack across an amorphous attack surface.
  • Leads to visibility gaps. Assets that no inventory knows about are a nightmare for security analysts. As the tired but accurate security adage goes, “You can’t manage what you can’t measure.”
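The inventory problem in the second and fifth points above is concrete enough to show in code. The following is an added example, not part of the original article or the ESG study: it merges exports from four hypothetical sources (a CMDB as the system of record, a vulnerability scanner, a cloud account inventory and external DNS) into one view keyed by IP address, then performs the plausibility checks a practitioner would want: assets that discovery tools see but the CMDB does not (unmanaged), assets the CMDB lists that nothing observes (probably stale), and hostnames that resolve to different IPs in different systems (conflicting records). All records below are constructed sample data using documentation address ranges; the source names and record layout are assumptions.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample exports from four disparate systems (not real data).
# Each record is (hostname, ip). Case and trailing dots are deliberately
# inconsistent, as real exports tend to be.
CMDB = [
    ("web01.example.com", "203.0.113.10"),
    ("db01.example.com", "10.0.0.5"),
    ("old-vpn.example.com", "203.0.113.99"),  # decommissioned, never removed
]
VULN_SCANNER = [
    ("WEB01.example.com", "203.0.113.10"),
    ("db01.example.com", "10.0.0.5"),
    ("", "203.0.113.42"),  # scanner reached a host nobody registered
    ("bad-export", "not-an-ip"),  # junk row a human would otherwise chase
]
CLOUD_INVENTORY = [
    ("api.example.com", "203.0.113.20"),  # cloud-native app, absent from CMDB
    ("web01.example.com", "203.0.113.10"),
]
DNS_RECORDS = [
    ("api.example.com.", "203.0.113.20"),
    ("staging.example.com.", "203.0.113.42"),
    ("db01.example.com.", "203.0.113.77"),  # DNS disagrees with the CMDB
]
# Source name -> records. "cmdb" is treated as the system of record.
SOURCES = {
    "cmdb": CMDB,
    "scanner": VULN_SCANNER,
    "cloud": CLOUD_INVENTORY,
    "dns": DNS_RECORDS,
}


@dataclass
class Asset:
    ip: str
    hostnames: set = field(default_factory=set)
    sources: set = field(default_factory=set)


def normalize_host(name):
    """Lower-case and strip the trailing dot so DNS and CMDB names compare equal."""
    return name.strip().rstrip(".").lower()


def normalize_ip(raw):
    """Canonical string form; raises ValueError for anything that is not an IP."""
    return str(ipaddress.ip_address(raw.strip()))


def build_inventory(sources):
    """Merge {source_name: [(host, ip), ...]} into one dict keyed by IP."""
    inventory = {}
    for source, records in sources.items():
        for host, ip in records:
            try:
                key = normalize_ip(ip)
            except ValueError:
                continue  # unparseable record: skip rather than poison the merge
            asset = inventory.setdefault(key, Asset(ip=key))
            asset.sources.add(source)
            if host.strip():
                asset.hostnames.add(normalize_host(host))
    return inventory


def find_unmanaged(inventory, system_of_record="cmdb"):
    """IPs seen by discovery sources but absent from the system of record."""
    return sorted(ip for ip, a in inventory.items() if system_of_record not in a.sources)


def find_unobserved(inventory, system_of_record="cmdb"):
    """IPs the system of record lists that no discovery source has observed."""
    return sorted(ip for ip, a in inventory.items() if a.sources == {system_of_record})


def find_hostname_conflicts(inventory):
    """Hostnames that map to more than one IP across the merged sources."""
    by_host = defaultdict(set)
    for ip, asset in inventory.items():
        for host in asset.hostnames:
            by_host[host].add(ip)
    return {h: sorted(ips) for h, ips in by_host.items() if len(ips) > 1}


if __name__ == "__main__":
    inv = build_inventory(SOURCES)
    print("merged assets:", len(inv))
    print("unmanaged (not in CMDB):", find_unmanaged(inv))
    print("unobserved (CMDB only):", find_unobserved(inv))
    print("hostname conflicts:", find_hostname_conflicts(inv))
```

Keying on IP rather than hostname is a deliberate choice: scanners and cloud inventories often report hosts with no name at all, and a nameless host is exactly the kind of asset that ends up unmanaged. The junk "not-an-ip" row is dropped instead of raising, because a full inventory run should not abort on one bad export line; in practice you would log skipped rows for follow-up.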

These and other issues have drawn attention to attack surface management in enterprise organizations as CISOs recognize that unknown and unmanaged assets leave them exposed to attack. The industry has responded with a dizzying pace of M&A activity: Darktrace acquired Cybersprint, IBM bought Randori, Mandiant acquired Intrigue, Microsoft snapped up RiskIQ, Palo Alto Networks bought Expanse, and Tenable bought Bit Discovery. VC-backed startups like CyCognito, Cyberpion, and UpGuard, and third-party risk management providers like BitSight and SecurityScorecard are also playing in this space.


Few companies were talking about attack surface management five years ago, but times have changed and it is now a baseline security requirement for enterprise organizations. Ignore attack surface management at your peril.


Copyright © 2022 IDG Communications, Inc.