Study: Too many app vulnerabilities go live


According to a survey of 1,300 CISOs, 75 percent say that too many app vulnerabilities make it into production. For 79 percent of CISOs, continuous runtime vulnerability management is critical to keep up with the growing complexity of modern multi-cloud environments.

Dynatrace, the Software Intelligence Company (NYSE: DT), has released a global study of 1,300 chief information security officers (CISOs) at large organizations. A key finding: the speed and complexity introduced by multi-cloud environments, multiple programming languages and open-source software libraries make vulnerability management difficult. 75 percent of CISOs state that, despite multi-layered security precautions, gaps remain that can let vulnerabilities reach production. This underscores the growing need to combine observability and security, which gives organizations a more effective way to manage runtime vulnerabilities and to detect and mitigate attacks in real time. The study can be downloaded here free of charge.

Main results of the study

  • 69 percent of CISOs say vulnerability management has become more difficult due to an increased need to accelerate digital transformation.
  • More than three quarters (79%) of CISOs believe that automated, continuous runtime vulnerability management is key to closing the capability gap in existing security solutions. However, only 4 percent of organizations have real-time visibility into runtime vulnerabilities in containerized production environments.
  • Only 25 percent of security teams have real-time access to an accurate, constantly updated report of every application and code library running in production.

“These results underscore the fact that security teams continue to overlook vulnerabilities, no matter how robust their defenses are,” said Bernd Greifeneder, chief technology officer at Dynatrace. “Both new applications and stable legacy software are susceptible to vulnerabilities that are more reliably detected in production. Log4Shell has been the poster child for this issue, and there will no doubt be more such scenarios in the future. Obviously, most companies still lack real-time visibility into runtime vulnerabilities.

Threatening cloud-native deployment processes

“The problem arises from the increasing use of cloud-native delivery processes. While they enable greater business agility, they also bring new complexity to vulnerability management, attack detection and mitigation. The rapid pace of digital transformation means already stretched teams are bombarded with thousands of security alerts, making it impossible to focus on what matters most. Teams cannot manually respond to every alert, and companies are exposing themselves to unnecessary risk by allowing vulnerabilities to enter production.”

Further results of the study

  • On average, organizations receive 2,027 alerts each month about potential application security vulnerabilities.
  • Less than a third (32%) of daily application vulnerability alerts are acted on, compared to 42 percent last year.
  • On average, application security teams waste 28 percent of their time on vulnerability management tasks that could be automated.

“Enterprises have recognized that to effectively manage vulnerabilities in the cloud-native era, security must become a shared concern. The convergence of observability and security is critical to providing the development, operations, and security teams with the context they need to understand how their applications connect, where the vulnerabilities lie, and which ones to prioritize. This accelerates risk management and the reaction to incidents,” continues Greifeneder. “To be truly effective, organizations should look for solutions that have AI and automation capabilities at their core and enable AISecDevOps. With it, your teams can quickly identify and prioritize runtime vulnerabilities, block attacks in real time, and fix bugs before they are exploited. No more wasting time tracking false positives and potential vulnerabilities that never make it to production. Instead, they can deliver better and more secure software faster.”

Background of the study

The study is based on a global survey of 1,300 CISOs in large companies with more than 1,000 employees. It was conducted in April 2022 by Coleman Parkes on behalf of Dynatrace with participants from Germany, France, UK, Spain, Italy, Scandinavia, USA, Middle East, Australia, India, Singapore, Malaysia, Brazil and Mexico.

More at dynatrace.com

 


About Dynatrace

Dynatrace ensures that software works perfectly worldwide. Our unified software intelligence platform combines broad and deep observability and continuous run-time application security with the most advanced AIOps to deliver answers and intelligent automation from data at remarkable scale. This enables organizations to modernize and automate cloud operations, deliver software faster and more securely, and ensure flawless digital experiences.


 
