Top 5 Attack Surface Challenges Related to Security Operations
Half of the businesses report greater difficulty in carrying out security operations now than they did two years ago, per recently released data from ESG. In response to the question of what is causing this shift, 41% cited a more complicated and risky threat landscape, 38% noted an expanding attack surface, 37% cited an increase in alert volume and complexity, and 34% pointed the finger at the increasing adoption of public cloud services.
The expanding attack surface is the one notable exception to this rule. The attack surface has expanded since we all started using Mosaic browsers, but it has accelerated dramatically in the past few years. Whether it's because of Amazon, COVID, or the digital transformation, businesses are increasingly enabling remote workers, building cloud-native applications, network vulnerability scanning, and utilising SaaS services. If you analyse all these aspects, you'll see that most enterprise organisations employ tens of thousands of internet-facing assets.
Responding to Threats on the Attack Surface
There's little doubt that the expanding attack surface threatens to upset the status quo in security operations, but how significant is this shift? This was the question that ESG posed to its sample of 376 security experts. There are five difficulties that respondents to the survey identified as a result of the expanding attack surface.
Needs closer collaboration with programmers
As businesses create more cloud-native applications and continuously push new features to production apps, this kind of reaction reveals a divide between software development and security. Is there any evidence that they employ serverless functionality? A lot of the time, security personnel don't know the answers to these kinds of inquiries. Tools for cloud security posture management (CSPM) exist, although they aren't widely used and are sometimes kept secret by cloud development teams. Every CISO ought to make it a top priority to close the security knowledge gap amongst developers.
Reevaluates tools and processes
This is another perennial problem that the security operations team must contend with. Organisations typically begin with preexisting technologies, such as asset management systems, network vulnerability scanning systems, log management, CSPM, etc., to find and manage the attack surface. They quickly learn that it might take a long time to compile information from various sources; 43% of companies report that it takes more than 80 hours to complete an attack surface management inventory. Since information originates from several sources, a sanity check is required, increasing the processing time and potential human mistakes. What is the result? Sixty-nine per cent of businesses say a cyberattack has hit them because of a poorly managed, unmanaged, or undocumented asset that may have been used to launch the attack.
Adds vulnerabilities and patching cycles
That's just basic arithmetic. More resources mean more patches to fix security holes. While some businesses have the systems and means to stay up, many others simply cannot.
Discourages security checks and subsequent actions
In such a scenario, security analysts may be unable to acquire all the relevant information they want quickly. They may be forced to gather it manually from various disparate sources. While analysts try to figure things out, extended dwell durations contribute to the incidence, as mentioned above, of security problems. Since security and IT teams are likely to fix specific systems but miss the full scope of an attack over their nebulous attack surface, it is also possible that incident response activities are incomplete.
Consequences of reduced transparency
When the attack surface expands, blind spots appear, which is a nightmare for security experts. Old security saying that still rings true is "You can't manage what you can't measure."
Because of these and other problems, chief information security officers (CISOs) at large companies are paying more attention to attack surface control. Industry giants have responded with a flurry of merger and acquisition deals, including those between DarkTrace and Cybersprint, IBM and Randori, Mandiant and Intrigue, Microsoft and RiskIQ, Palo Alto Networks and Expanse Networks, and Tenable and BitDiscovery. Third-party risk management suppliers such as BitSight and Security Scorecard compete with VC-backed firms like CyCognito, Cyberpion, and Upguard. When asked about security measures like network vulnerability scanning, few businesses even mentioned attack surface control five years ago. Don't risk your security by ignoring attack surface control.
gummygunk
2087
turnnoffyourmind
stormborns