Can more tools lead to worse cloud security?

Security teams receive an average of over 4,000 alerts per month from multiple cloud security tools, leading to major inefficiencies and serious delays that result in a weakening of overall cloud runtime security.

This 'cloud security paradox' -- more tools leading to less security -- is revealed in a new report from ARMO based on responses from more than 300 SecOps stakeholders and cybersecurity leaders. It finds that security teams must sift through roughly 7,000 alerts to find a single active threat.

"Over the past few years we've seen rapid growth in the adoption of cloud runtime security tools to detect and prevent active cloud attacks and yet, there’s a staggering disparity between alerts and actual security incidents," says Shauli Rozen, CEO and co-founder at ARMO. "Without the critical context about asset sensitivity and exploitability needed to make sense of what is happening at runtime, as well as friction between SOC and Cloud Security, teams experience major delays in incident detection and response that negatively impacts performance metrics."

Among other findings, 89 percent of respondents report that their current processes fail to detect active threats, while 46 percent grapple with alert fatigue. In addition, 45 percent report consistent false positives.

Although 63 percent of organizations deploy more than five cloud runtime security tools, only 13 percent successfully correlate alerts between them. It takes an average of 7.7 days, and up to 30 days, to correlate alerts across tools and organizational silos.

The findings show 92 percent of respondents believe that unified cloud runtime security solutions would enhance incident response efficiency and contextualize alerts to further improve response times.

Interestingly, 38 percent of SecOps professionals identify the cloud security team as their most difficult collaboration partner during incidents, followed by the platform team (31 percent). This suggests that while establishing separate cloud security teams (a practice adopted by 63 percent of companies) may have been a reasonable approach when cloud technology was emerging, it now creates problematic silos as cloud has become mainstream. These artificial boundaries fragment visibility, complicate communication, and increase detection and response times.

You can get the full report from the ARMO site.
