SEATTLE – Feb. 14, 2024 – A new survey and report on The State of Security Remediation from the Cloud Security Alliance (CSA) found that more than 77% of respondents feel unprepared to deal with security threats.
Commissioned by Dazz, CSA surveyed more than 2,000 IT and security professionals on the challenges they are facing in their remediation operations practices, as well as critical areas of improvement.
“The survey found that the number of security tools an organization has isn’t nearly as important as the tools’ efficiency and their ability to reduce vulnerabilities. Companies need a more nuanced approach that focuses on tools’ integration and intelligent orchestration,” said Hillary Baron, lead author and Senior Technical Director for Research, Cloud Security Alliance. “As cybersecurity threats evolve, organizations must adapt by seeking better visibility into their code-to-cloud environment, identifying ways to accelerate remediation, strengthening organizational collaboration, and streamlining processes to counter risks effectively.”
Among the survey’s other key findings:
- A significant concern exists regarding the prevalence of vulnerabilities in code and their tendency to recur. This finding highlighted a pattern of quick-fix approaches rather than sustainable, long-term solutions. A substantial 38% of respondents estimated that between 21% and 40% of their code contains vulnerabilities; 19% noted that 41-60% of their code contains vulnerabilities, and 13% identified vulnerabilities in 61-80% of their code. Compounding this issue was the finding that over half of the vulnerabilities addressed by organizations tend to recur within a month of remediation.
- Many organizations are struggling to achieve visibility in their cloud environments. Only 23% of organizations reported full visibility with 77% experiencing less-than-optimal transparency, strongly suggesting that the complexity of these environments—particularly with the integration of containers and serverless architectures—poses significant challenges.
- False positives and duplicate alerts pose significant challenges. Sixty-three percent of organizations consider duplicate alerts a moderate to significant challenge, while 60% view false positives similarly, highlighting the inefficiencies and drawbacks of too much data coming at security teams. The high rate of organizations struggling with this could be attributed to overlapping functionalities among tools, or a lack of refined integration and fine-tuning, leading to alert fatigue, prioritization challenges and, ultimately, slower incident response times.
- The proliferation of security tooling is creating complexities. The escalating trend of alert overload is a significant challenge facing organizations. With 61% of organizations using between three and six different detection tools and 45% planning to increase their security tooling budget in the coming year (indicating that more are likely to be introduced), the landscape is becoming increasingly complex. This proliferation of tools, while enhancing security coverage, also leads to a surge in alerts, including a high volume of false positives.
- Significant room for improvement exists in the remediation process. Seventy-five percent of organizations reported their security teams spend over 20% of their time performing manual tasks when addressing security alerts, despite 83% reporting they use at least some automation in their remediation process.
- Slow response times to vulnerabilities indicate potential gaps in prioritization and response strategies. Eighteen percent of organizations reported taking more than 4 days to address critical vulnerabilities, with 3% exceeding two weeks. This slow response may result in prolonged risk periods, increasing the likelihood that companies will become the victim of a breach.
The survey was conducted online by CSA in December 2023 and received 2,037 responses from IT and security professionals from organizations of various sizes and locations. CSA research analysts performed the data analysis and interpretation for this report. Sponsors are CSA Corporate Members who support the research project’s findings but have no added influence on the content development or editing rights of CSA research.
Download the full report here.
