Skybox® Security, a global leader in security analytics, released today the results of its 2016 Trends Report: Analyzing the Attack Surface. Prepared for Skybox by the research firm CyberEdge Group, the report details findings from a global survey of 275 IT professionals at enterprises and government agencies with more than 500 employees. It presents data on how IT organizations are using automated tools to identify, analyze and prioritize vulnerabilities and misconfigurations concealed on their networks — physical, virtual and cloud.
Among the key findings: organizations are least automated (and least confident) in areas related to (a) collecting data about virtual and cloud-based systems and applications and (b) analyzing and remediating firewall rules that violate policies and regulations. These are the areas, therefore, with the most room for improvement in the immediate future, especially considering that many organizations are quickly transitioning to hybrid IT networks and regulatory requirements worldwide are increasing and becoming more strict.
For example, while a near-perfect 92 percent of organizations use automated tools to detect vulnerabilities on hosts and servers, only 54 percent use automated tools to assess security controls on cloud-based systems and applications.
The data points to other areas that need improvement, particularly for tasks involving remediation and provisioning. Although most organizations automate the process of pushing patches (between 74 and 81 percent), approximately half of the organizations (between 44 and 53 percent) have primarily or completely manual processes for most other areas. This includes: remediating misconfigurations on servers and network devices, systems and data access rules, and firewall rules that violate policies; provisioning firewalls, firewall rules and security.
“The lack of an automated approach among so many organizations is alarming, especially when you consider that the industry is experiencing a severe shortage of security professionals,” said Skybox Director of Product Marketing Kevin Flynn. “And in the very near future, regulations will become more burdensome — and the consequences of not meeting those regulations more painful — so organizations should really be investigating tools that automate configuration, vulnerability and policy management.”
Additional key findings:
- The extent of satisfaction that IT professionals have with their current capabilities tends to go hand-in-hand with the extent of automation for processes related to vulnerabilities and misconfigurations.
- Having an attack surface visibility tool had a particularly strong impact on an organization’s satisfaction with its ability to address compliance issues and regulatory requirements.
To view the full report from Skybox Security, click here.
.@skyboxsecurity survey finds #infosec #datacollection capabilities low in #cloud and #virtualnetwork http://ow.ly/46of305qhx8
About Skybox Security
Skybox arms security leaders with a powerful set of integrated security solutions that give unprecedented visibility of the attack surface and key Indicators of Exposure (IOEs), such as exploitable attack vectors, hot spots of vulnerabilities, network security misconfigurations and risky firewall access rules. By extracting actionable intelligence from data using modeling, simulation and analytics, Skybox gives leaders the insight needed to quickly make decisions about how to best address threat exposures that put their organization at risk, increasing operational efficiency by as much as 90 percent. Our award-winning solutions are used by the world’s most security-conscious enterprises and government agencies for vulnerability management, threat intelligence management and security policy management, including Forbes Global 2000 enterprises.
© 2016 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.