6 Surprising Findings from the CSA State of Security Remediation Report
Published 03/28/2024
Originally published by Dazz.
Written by Julie O’Brien, CMO, Dazz.
As more companies shift left and embrace hybrid cloud operations, the need for security visibility across the entire code-to-cloud environment is critical for staying on top of vulnerabilities and reducing exposure.
The CSA State of Security Remediation survey validates the challenges that we know organizations are facing, as well as what’s needed to solve them.
This post highlights six main findings observed from the CSA survey. I encourage you to read the full report and benchmark your own remediation operations.
Among the survey’s key findings:
Finding 1:
A significant concern exists regarding the prevalence of vulnerabilities in code and their tendency to recur. This finding highlighted a pattern of quick-fix approaches rather than sustainable, long-term solutions. A substantial 38% of respondents estimated that between 21% and 40% of their code contains vulnerabilities; 19% noted that 41-60% of their code contains vulnerabilities, and 13% identified vulnerabilities in 61-80% of their code. Compounding this issue was the finding that over half of the vulnerabilities addressed by organizations tend to recur within a month of remediation.
Chart: What percentage of your code do you estimate contains problems or vulnerabilities that could impact security or functionality?
Finding 2:
Many organizations are struggling to achieve visibility in their cloud environments. Only 23% of organizations reported full visibility with 77% experiencing less-than-optimal transparency, strongly suggesting that the complexity of these environments—particularly with the integration of containers and serverless architectures—poses significant challenges.
Chart: Visibility in the code-to-cloud environment
Finding 3:
False positives and duplicate alerts pose significant challenges. Sixty-three percent of organizations consider duplicate alerts a moderate to significant challenge, while 60% view false positives similarly, highlighting the inefficiencies and drawbacks of too much data coming at security teams. The high rate of organizations struggling with this could be attributed to overlapping functionalities among tools, or a lack of refined integration and fine-tuning, leading to alert fatigue, prioritization challenges and, ultimately, slower incident response times.
Chart: Difficulty posed by false positives and duplicate alerts
Finding 4:
The proliferation of security tooling is creating complexities. The escalating trend of alert overload is a significant challenge facing organizations. With 61% of organizations using between three and six different detection tools and 45% planning to increase their security tooling budget in the coming year (indicating that more are likely to be introduced), the landscape is becoming increasingly complex. This proliferation of tools, while enhancing security coverage, also leads to a surge in alerts, including a high volume of false positives.
Chart: How many security scanning or detection tools do you use in your cloud environment?
Finding 5:
Significant room for improvement exists in the remediation process. Seventy-five percent of organizations reported that their security teams spend over 20% of their time performing manual tasks when addressing security alerts, despite 83% reporting that they use at least some automation in their remediation process.
Chart: Time spent on manual tasks
Finding 6:
Slow response times to vulnerabilities indicate potential gaps in prioritization and response strategies. Eighteen percent of organizations reported taking more than 4 days to address critical vulnerabilities, with 3% exceeding two weeks. This slow response may result in prolonged risk periods, increasing the likelihood that companies will become the victim of a breach.
Chart: SLAs for critical security vulnerabilities
These findings emphasize several important areas of improvement in the cybersecurity remediation process. As cybersecurity threats evolve, organizations must adapt by seeking better visibility into their code-to-cloud environment, identifying ways to accelerate remediation, strengthening organizational collaboration, and streamlining processes to counter risks effectively.