Cloud security tool sprawl leads to missed issues, false positives, burnout and more
A new survey of more than 800 IT professionals finds that 55 percent of respondents are using three or more cloud providers and 57 percent have five or more cloud security tools.
But the study from Orca Security shows this combination of multi-cloud adoption and disparate tooling is overwhelming security teams with inaccurate alerts. For example, 59 percent of respondents receive more than 500 public cloud security alerts a day, and 38 percent receive more than 1,000 a day.
Over half of respondents spend more than 20 percent of their time deciding which alerts should be dealt with first. This overload of alerts, combined with widespread inaccuracy (43 percent say more than 40 percent of their alerts are false positives, while 81 percent say 20 percent are), is contributing not only to staff turnover but also to missed critical alerts. Fifty-five percent of respondents say their team has missed critical alerts in the past due to ineffective alert prioritization, and often this happens on a weekly or even daily basis.
"Multiple, disconnected tools continue to plague security teams. Having to sift through hundreds of 'high priority' often meaningless alerts is causing security practitioners to become overwhelmed and leading to burnout and turnover, exacerbating cybersecurity staff shortages," says Avi Shua, CEO and co-founder of Orca Security. "The only way to win the battle of cloud security is to leverage context to the maximum. Practitioners should be enabled to focus on the very few toxic combinations of alerts and attack paths that can put their crown jewels in jeopardy, rather than trying to review thousands of meaningless alerts."
Having more security tools only serves to make things worse: those with 10 or more cloud security tools are 67 percent more likely to receive over 1,000 alerts per day than those with five or fewer tools.
More than half of security professionals with at least 10 tools in their cloud environments say that 40 percent or more of their alerts are false positives, while almost 70 percent of security teams with more than 10 tools suffer from alert fatigue, compared to 57 percent of those with fewer than five tools.
The full report is available from the Orca site.