Enterprises today are under more pressure than ever to minimize their “attack surface.” That is, they need to detect Indicators of Exposures (IOEs), identify vulnerabilities and capture and correct misconfigurations in security and network devices in both physical and virtual environments. This is an extremely challenging assignment. The IT organization must locate tens-of-thousands of vulnerabilities and misconfigurations concealed on its network, analyze and prioritize those vulnerabilities and misconfigurations and remediate the most critical. Clearly, automated tools are needed to perform these activities at scale. But what types of tools are needed most? How automated are IT security groups today? How satisfied are they with their capabilities and what are their priorities in terms of improving them? CyberEdge conducted a survey for Skybox Security that is intended to answer these questions. It includes responses from 275 IT professionals around the world who work at companies with 500 or more employees. The report presents data about topics such as:
- Current practices: How data on vulnerabilities and misconfigurations is being used today.
- Collecting and discovering data: What automated tools are used to collect and discover data?
- Analyzing and prioritizing data: How satisfied are organizations with their current ability to analyze and prioritize vulnerabilities and misconfigurations?
- Remediation and provisioning: Which remediation processes are most (and least) automated?
- Priorities going forward: What areas related to managing vulnerabilities and misconfigurations are the highest priority for automation?
- In general, organizations tend to be most automated in, and most satisfied with, their ability to push patches to servers and to endpoints.
- The areas where organizations were least automated, and least confident, were related to (a) collecting data about cloud-based systems and applications and (b) analyzing and remediating firewall rules that violate policies and regulations, making those the areas with the most room for improvement in the immediate future.
- Remediation and provisioning processes (with the exception of pushing patches) were significantly less automated than other tasks covered in the survey.
- Organizations using an attack surface visibility tool were significantly more likely to be satisfied with their capabilities to analyze and prioritize data. Having an attack surface visibility tool had a particularly strong impact on an organization's satisfaction with its ability to address compliance issues and regulatory requirements.
- The areas where improving automation is the highest priority in the immediate future are managing the remediation of vulnerabilities, analyzing and prioritizing vulnerabilities and managing the remediation of misconfigurations and rule violations.
Jon Friedman, CyberEdge