Cloud infrastructures present a slew of challenges for IT security professionals, including the prevalence of false positives and duplicate alerts, which complicate visibility efforts in cloud computing environments.
These were among the findings revealed by the Cloud Security Alliance (CSA) in its State of Security Remediation report, which underscored the difficult balancing act confronting cloud security experts.
Based on a survey of 2,000 IT and security professionals, the report found less than a quarter (23%) of organizations said they have full visibility into their cloud environments, indicating a widespread struggle to achieve comprehensive oversight.
Moreover, nearly two-thirds (63%) of respondents said they find duplicate alerts a moderate to significant hurdle, impeding efficient threat detection and response mechanisms.
The complexity of existing security tooling further exacerbates the situation: 61% of organizations run between three and six separate detection tools, each adding its own alert stream, console and integration work, and with it more room for inefficiency.
Compounding these challenges are the labor-intensive manual tasks associated with security alert resolution, with approximately 75% of security teams dedicating over 20% of their time to such endeavors.
The report also revealed a concerning lag in addressing critical vulnerabilities, with 18% of organizations taking more than four days to remediate these issues, leaving crucial systems exposed to potential exploits for extended periods.
More than half of the vulnerabilities addressed by organizations resurfaced within a month of initial remediation efforts, indicative of systemic weaknesses in current mitigation strategies.
Meanwhile, organizational silos and suboptimal collaboration between security and development teams pose formidable barriers to effective security practices, with 18% of organizations reporting either no collaboration or counterproductive relationships between these vital stakeholders.
John Pirc, vice president at Netenrich, said to enhance cloud visibility, organizations should adopt unified security management platforms and zero-trust architectures alongside continuous monitoring tools to improve the detection and mitigation of threats.
“Organizations can reduce alert fatigue by implementing advanced analytics and machine learning for prioritizing alerts, and centralizing alert management to focus on critical threats,” he explained.
He noted that while using multiple detection tools offers a layered defense, it also adds complexity.
“Optimizing through a security orchestration, automation and response (SOAR) platform can streamline operations, integrating tools for better efficiency and security,” Pirc said. “To minimize manual efforts, organizations should use SOAR platforms for automating routine tasks, allowing security teams to focus on strategic tasks requiring human judgment.”
According to Delinea's recent ransomware research, cloud services and applications are two of the top entry points attackers abuse to gain access to an organization's infrastructure.
Joseph Carson, chief security scientist and advisory CISO at Delinea, said as organizations realize the challenges of multi-cloud and hybrid cloud risks, they must take action to reduce those risks.
This typically means a strong identity and access management (IAM) strategy integrated with a privileged access management (PAM) solution and cloud infrastructure entitlement management (CIEM).
“With these combinations of solutions, it allows organizations to regain visibility across multiple cloud environments, enforce security and reduce risks,” he said.
From Carson’s perspective, one of the best ways to reduce alert fatigue is to automate as many alerts as possible with strong security correlation across multiple solutions that can be combined with a risk score that can be ranked against other alerts.
“When you automate and rank alerts, this allows you to streamline alerts and only focus on alerts that must be investigated by humans,” he said. “Manual tasks have always been a challenge for many organizations. It is not something that is unique to cloud environments.”
He advised organizations to find the balance between reactive productivity and strategic productivity, which means allocating time for manual tasks to be automated and enabling the security team to spend more time on getting value out of solutions and security investments.
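Both Pirc's advice to centralize and prioritize alerts and Carson's description of correlating alerts across several products, attaching a risk score and ranking them against each other describe the same pipeline. The following is an added illustration of that pipeline in Python; it is not code from Netenrich, Delinea, the CSA or the report. The alert records, tool names, resource names, asset-criticality table and scoring weights are all constructed for the example and are assumptions, not output from any real product.

```python
"""Correlate, de-duplicate and risk-rank alerts from several cloud security tools.

Added example (not from the article's sources). Every record, tool name, resource
name and weight below is constructed; a real deployment would feed alerts from its
own CSPM, EDR and cloud audit-log pipeline and take criticality from a CMDB or tags.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Assumed asset-criticality register (1 = throwaway, 4 = crown jewels).
ASSET_CRITICALITY = {
    "i-0prod-db-01": 4,          # production database host
    "i-0dev-web-07": 1,          # developer sandbox
    "s3://customer-exports": 4,  # bucket holding customer data
}


@dataclass
class Alert:
    source: str      # tool that raised the alert (assumed names)
    ts: datetime
    resource: str    # cloud resource the alert concerns
    category: str    # finding type, already normalised across tools
    severity: str
    raw_id: str      # the tool's own alert identifier


@dataclass
class Incident:
    resource: str
    category: str
    first_seen: datetime
    last_seen: datetime
    severity: str = "low"
    sources: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def score(self) -> float:
        """Risk score = worst severity x asset criticality x corroboration.
        Each additional independent tool that agrees adds 50%."""
        corroboration = 1 + 0.5 * (len(self.sources) - 1)
        return SEVERITY[self.severity] * ASSET_CRITICALITY.get(self.resource, 2) * corroboration


def correlate(alerts, window=timedelta(hours=1)):
    """Fold alerts into incidents keyed on (resource, category).

    An alert on the same key within `window` of the incident's latest alert is treated
    as a duplicate (same tool re-firing) or corroboration (another tool agreeing) rather
    than a new incident; once the window has elapsed, a new incident is opened."""
    incidents, latest = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.resource, a.category)
        inc = latest.get(key)
        if inc is None or a.ts - inc.last_seen > window:
            inc = Incident(a.resource, a.category, a.ts, a.ts)
            incidents.append(inc)
            latest[key] = inc
        inc.last_seen = a.ts
        inc.sources.add(a.source)
        inc.alerts.append(a)
        if SEVERITY[a.severity] > SEVERITY[inc.severity]:
            inc.severity = a.severity
    return incidents


def rank(incidents):
    return sorted(incidents, key=lambda i: i.score(), reverse=True)


def triage(alerts, threshold=8.0, window=timedelta(hours=1)):
    """Split ranked incidents into those needing a human and those an automated
    playbook can handle. The threshold is an assumed tuning value."""
    ranked = rank(correlate(alerts, window))
    return ([i for i in ranked if i.score() >= threshold],
            [i for i in ranked if i.score() < threshold])


# Constructed sample: six alerts from three assumed tools about three resources.
T0 = datetime(2024, 3, 1, 9, 0)
SAMPLE_ALERTS = [
    Alert("cspm", T0, "s3://customer-exports", "public-exposure", "high", "cspm-101"),
    Alert("edr", T0, "i-0prod-db-01", "suspicious-process", "critical", "edr-55"),
    Alert("cspm", T0 + timedelta(minutes=2), "i-0dev-web-07", "missing-patch", "high", "cspm-102"),
    Alert("cloudtrail", T0 + timedelta(minutes=5), "s3://customer-exports", "public-exposure", "medium", "ct-9"),
    Alert("cspm", T0 + timedelta(minutes=10), "s3://customer-exports", "public-exposure", "high", "cspm-103"),
    Alert("cspm", T0 + timedelta(hours=3), "i-0dev-web-07", "missing-patch", "high", "cspm-140"),
]

if __name__ == "__main__":
    human, auto = triage(SAMPLE_ALERTS)
    for label, group in (("NEEDS HUMAN", human), ("AUTO-HANDLED", auto)):
        for inc in group:
            print(f"{label:12} {inc.score():5.1f} {inc.resource} {inc.category} "
                  f"sources={sorted(inc.sources)} alerts={len(inc.alerts)}")
```

With the sample input, six alerts collapse to four incidents: the three bucket alerts merge into one incident corroborated by two tools and rank first, the single EDR alert on the production host ranks second, and the two sandbox patch findings land in the automated queue because the asset-criticality weight pulls their score below the threshold even though each is rated high. The same re-scan alert hours later is correctly kept as a separate incident, which is exactly the recurrence the report measures.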
Claude Mandy, chief evangelist of data security at Symmetry Systems, pointed out that the report alluded to the fact that modern environments are adopting more and more ephemeral infrastructure, such as containers and Kubernetes.
“Keeping track of this infrastructure and identifying vulnerabilities for the brief time it is accessible is an almost herculean task,” he said.
At the same time, attackers are using credential compromises, phishing and other direct identity-focused attacks to breach data in ransomware and other extortion attacks.
“Only by focusing on a data-centric approach that reduces the amount of access to data that is being targeted can organizations provide the visibility they need to improve their security posture,” Mandy said.