A survey and report on The State of Security Remediation from the Cloud Security Alliance (CSA), a leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, found that more than 77 percent of respondents feel unprepared to deal with security threats. Commissioned by Dazz, the leader in security remediation, CSA surveyed more than 2,000 IT and security professionals on the challenges they are facing in their remediation operations practices, as well as critical areas of improvement.
The survey's key findings included:
- A significant concern exists regarding the prevalence of vulnerabilities in code and their tendency to recur. This finding highlighted a pattern of quick-fix approaches rather than sustainable, long-term solutions. Thirty-eight percent of respondents estimated that between 21 and 40 percent of their code contains vulnerabilities; 19 percent noted that 41 to 60 percent of their code contains vulnerabilities; and 13 percent identified vulnerabilities in 61 to 80 percent of their code. Compounding this issue was the finding that over half of the vulnerabilities addressed by organizations tend to recur within a month of remediation.
- Many organizations are struggling to achieve visibility in their cloud environments. Only 23 percent of organizations reported full visibility, with 77 percent experiencing less-than-optimal transparency, strongly suggesting that the complexity of these environments poses significant challenges.
- False positives and duplicate alerts pose significant challenges. Sixty-three percent of organizations consider duplicate alerts a moderate to significant challenge, while 60 percent view false positives similarly, highlighting the inefficiencies and drawbacks of too much data coming at security teams. The high rate of organizations struggling with this could be attributed to overlapping functionalities among tools, or a lack of refined integration and fine-tuning, leading to alert fatigue, prioritization challenges and, ultimately, slower incident response times.
- The proliferation of security tooling is creating complexities. The escalating trend of alert overload is a significant challenge facing organizations, with 61 percent using between three and six different detection tools and 45 percent planning to increase their security tooling budget in the coming year. This proliferation of tools, while enhancing security coverage, also leads to a surge in alerts, including a high volume of false positives.
- Significant room for improvement exists in the remediation process. Seventy-five percent of organizations reported their security teams spend over 20 percent of their time performing manual tasks when addressing security alerts, despite 83 percent reporting they use at least some automation in their remediation process.
- Slow response times to vulnerabilities indicate potential gaps in prioritization and response strategies. Eighteen percent of organizations reported taking more than four days to address critical vulnerabilities, with three percent exceeding two weeks. This slow response may result in prolonged risk periods, increasing the likelihood that companies will become the victim of a breach.
The full report can be downloaded here.