Cyber Asset Management Overwhelms IT Security Teams

Moving enterprise assets to cloud storage puts a strain on IT security management, as the larger attack surfaces it creates increasingly expose organizations to cyber risk.

The enterprise technology ecosystem is rapidly being reshaped by digital transformation initiatives, focused on API and cloud. This, in turn, comes at a high cost for cybersecurity.

As more and more assets are deployed in enterprise production environments, businesses face an increased risk of cyber attack that begins with the exploitation of unknown, unmanaged, or mismanaged internet assets.

The modern attack surface has become too large and complex for security professionals to manage using traditional manual asset lifecycle approaches.

Unprecedented workload

With too many assets to manage, security teams are tired and understaffed. They have an unprecedented number of assets to inventory, manage, and secure in a cloud-based organization.

Researchers found that, on average, modern security teams are responsible for over 165,000 cyber assets, including cloud workloads, devices, network assets, applications, data assets, and users.

With a shortage of cybersecurity talent, organizations need to help their existing teams become more efficient, according to the 2022 State of Cyber Assets (SCAR) report released Tuesday by JupiterOne.

According to Jasmine Henry, director of field security at JupiterOne and lead author of the report, the move towards cloud-native development, microservices, and scale-out architecture has had a profound impact on security teams.

Security teams are overworked, understaffed, underqualified and managing an average backlog of over 120,000 security findings.

“Enterprise asset inventories have changed dramatically and, for the first time in history, assets are not necessarily deployed by humans. The landscape demands new automated approaches to attack surface management,” Henry told TechNewsWorld.

Main conclusions

Cyber assets significantly outnumber company employees. The average organization has well over 500 cyber assets for every human employee. This makes automation a prerequisite for security success.

Proliferating devices include hosts, agents, and other device-related assets that are still a critical part of cybersecurity.

The device ratio for each employee in an average organization is 110:1. The average security team is responsible for 32,190 devices. Additionally, nearly 90% of modern device inventories are cloud-based.

Ultra-reliable dynamic network architectures require new automated approaches to security. Modern DevOps teams use network interfaces to route traffic between subnets by hosting load balancers, proxy servers, and network address translation (NAT) services.

Static IP addresses represent less than 1% of network assets, while network interfaces represent 56%. The dynamic attack surface demands new automated approaches to security.

Modern organizations are highly vulnerable to software supply chain attacks. Analysis of more than 20 million application assets revealed that only 9% of applications were developed in-house, while 91% of the code running in the company was developed by third parties.

Top cybersecurity headlines last year included terrifying software supply chain vulnerabilities from enterprise sources such as SolarWinds and open source software such as Log4j, Henry noted.

“In fact, software supply chain security has become almost unmanageable for security teams in 2021, and the state of cyber assets in 2022 shows why,” she added.

In numbers

SCAR analyzed cyber asset inventories and user queries from the JupiterOne Cyber Asset Attack Surface Management (CAASM) platform for one week, from September 28 to October 5, 2021.

The total dataset included over 372 million security findings from 1,272 organizations, including enterprises, midsize organizations, and small businesses.

The results show that cloud deployments are taking over as the de facto deployment model in enterprises of all shapes and sizes. The research found that 97% of security findings come from cloud assets.

Nearly 90% of device assets in the modern organization are cloud-based. Physical devices such as laptops, tablets, smartphones, routers and IoT hardware account for less than 10% of the total number of devices.

Cloud network assets outnumber physical networks by a ratio of nearly 60:1. Yet analysis of nearly 10 million security policies revealed that cloud-specific ones make up less than 30% of the total.

During the pandemic, businesses have turned to cloud technologies to support the rise of remote working and maintain some semblance of normality in business operations.

Unfortunately, rapid digital transformation has also resulted in new entry points for cyberattacks by malicious actors, according to Sounil Yu, CISO and Head of Research at JupiterOne.

“This research sheds light on the sheer volume of cyber assets in today’s landscape and serves as a wake-up call to business leaders and security professionals to take a better inventory of their assets so they can understand the risk implications of their extended attack surface,” he told TechNewsWorld.

Cloudy forecasts must be taken into account

Most security teams pay little attention to indirect relationships between users, devices, networks, and critical data. Only 8% of queries asked the JupiterOne platform to consider second- or third-degree relationships between assets, the report notes.

Critical data and sensitive information are among the most linked asset types, with 105 million first-degree relationships (i.e., direct access) to users, apps, devices and workloads.

The analysis also revealed nearly 45 million relationships between security findings, indicating that many security backlogs contain findings identified as critical vulnerabilities or policy exceptions.

This leads the average security team to miss certain security risks. Many teams lack the resources – or are underqualified – to fully understand the risk of potential compromises.

[Figure: Cloud security teams are underqualified. Source: JupiterOne]

Organizations should invest in cloud-native security tools that enable automation and data-driven decision-making, SCAR recommends. This will help security teams gain true visibility into their cyber asset landscape and asset relationships.
