Corporate assets moving to cloud storage are straining IT security management to the breaking point, as larger attack surfaces increasingly expose organizations to cyber risk.
The enterprise technology ecosystem is rapidly being reshaped by API and cloud-first digital transformation initiatives. This, in turn, comes at a high cost to cybersecurity.
As more assets are deployed in enterprise production environments, businesses face an increased risk of cyberattacks that begin by exploiting unknown, unmanaged, or poorly managed assets found on the Internet.
The modern attack surface has become too large and complex for security professionals to manage using traditional manual approaches to the asset lifecycle.
With too many assets to manage, security teams are fatigued and understaffed. They have an unprecedented number of assets to inventory, manage, and protect in a cloud-based organization.
The researchers found that, on average, modern security teams are responsible for more than 165,000 cyber assets, including cloud workloads, devices, network assets, applications, data assets, and users.
The shifts toward cloud-native development, microservices, and scalable architecture have deeply impacted security teams, according to Jasmine Henry, director of field security at JupiterOne and lead author of the report.
Security teams are overworked, understaffed, and poorly trained, and they navigate an average backlog of more than 120,000 security findings.
“Enterprise asset inventories have changed significantly, and for the first time in history, humans don’t necessarily deploy assets. The landscape calls for new and automated approaches to attack surface management,” Henry told TechNewsWorld.
Cyber assets significantly outnumber employees in the company. The average organization has more than 500 cyber assets for every human employee. This makes automation a requirement for security success.
Proliferating devices include hosts, agents, and other device-related assets that remain an essential part of cybersecurity.
The ratio of devices to each employee in an average organization is 110:1. The average security team is responsible for 32,190 devices. Additionally, nearly 90 percent of modern device inventories are cloud-based.
Ultra-reliable, dynamic network architectures demand new, automated approaches to security. Modern DevOps teams use network interfaces to route traffic between subnets when hosting load balancers, proxy servers, and Network Address Translation (NAT) services.
Static IP addresses comprise less than 1 percent of network assets, while network interfaces account for 56 percent. The dynamic attack surface demands new and automated security approaches.
Modern organizations are highly vulnerable to software supply chain attacks. Analysis of more than 20 million app assets found that only nine percent of apps were created or developed in-house, while 91 percent of the code running in-house was developed by third parties.
Last year’s top cybersecurity headlines included some scary software supply chain vulnerabilities from enterprise sources like SolarWinds and open source software like Log4j, Henry said.
“In fact, software supply chain security became almost unmanageable for security teams in 2021, and the state of cyber assets in 2022 shows why,” Henry added.
By the numbers
SCAR analyzed cyber asset inventories and user queries derived from the JupiterOne Cyber Asset Attack Surface Management (CAASM) platform for one week, from September 28 to October 5, 2021.
The total dataset included more than 372 million security findings from 1,272 organizations, including enterprises, mid-market organizations, and small businesses.
The results show that cloud deployments are becoming the de facto deployment model for businesses of all shapes and sizes. The research found that 97 percent of security findings come from cloud assets.
Nearly 90 percent of device assets in the modern organization are cloud-based. Physical devices like laptops, tablets, smartphones, routers, and IoT hardware make up less than 10 percent of total devices.
Cloud network assets outnumber physical networks by nearly 60:1. However, analysis of nearly 10 million security policies found that cloud-specific ones make up less than 30 percent of the total.
During the pandemic, companies turned to cloud technologies to support the rise of remote work and maintain some semblance of normalcy in business operations.
Unfortunately, the rapid digital transformation has also resulted in new entry points for cyberattacks by malicious threat actors, according to Sounil Yu, CISO and head of research at JupiterOne.
“This research sheds light on the sheer volume of cyber assets in today’s landscape and serves as a warning to business leaders and security professionals to take better stock of their assets so they can understand the risk implications of their expanded attack surface,” he told TechNewsWorld.
Cloudy forecast needs attention
Most security teams pay little attention to the indirect relationships between users, devices, networks, and critical data. Only eight percent of queries asked the JupiterOne platform to consider second- or third-degree relationships between assets, the report noted.
Critical data and sensitive information are among the most closely related types of assets, with 105 million first-degree relationships (i.e., direct access from) to users, applications, devices, and workloads.
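To illustrate the difference between first-degree and second- or third-degree relationship queries, here is an added example (not from the report or the JupiterOne platform): a breadth-first search over a small constructed asset graph that lists which users can reach a critical data store within a given number of hops. All asset names and relationship labels are hypothetical.

```python
from collections import deque

# Constructed sample inventory: (source, relationship, target). Names are hypothetical.
EDGES = [
    ("user:alice", "HAS", "device:laptop-17"),
    ("user:alice", "ASSUMES", "role:ci-deployer"),
    ("role:ci-deployer", "MANAGES", "workload:build-runner"),
    ("workload:build-runner", "READS", "datastore:customer-pii"),
    ("app:billing", "READS", "datastore:customer-pii"),
    ("user:bob", "USES", "app:billing"),
    ("user:carol", "HAS", "device:phone-3"),
]

def build_reverse_graph(edges):
    """Map each asset to the set of assets that point directly at it."""
    reverse = {}
    for src, _rel, dst in edges:
        reverse.setdefault(dst, set()).add(src)
        reverse.setdefault(src, set())
    return reverse

def reach_by_degree(reverse, target, max_degree):
    """Return {asset: degree} for assets with a path to target of at most max_degree hops."""
    degree = {}
    seen = {target}
    queue = deque([(target, 0)])
    while queue:
        node, dist = queue.popleft()
        if dist == max_degree:
            continue  # do not expand beyond the requested degree
        for parent in sorted(reverse[node]):
            if parent not in seen:
                seen.add(parent)
                degree[parent] = dist + 1
                queue.append((parent, dist + 1))
    return degree

def users_with_access(reverse, target, max_degree):
    """Users that can reach target within max_degree relationships."""
    hits = reach_by_degree(reverse, target, max_degree)
    return sorted(a for a in hits if a.startswith("user:"))

REVERSE = build_reverse_graph(EDGES)

if __name__ == "__main__":
    for depth in (1, 2, 3):
        print(depth, users_with_access(REVERSE, "datastore:customer-pii", depth))
```

A first-degree query reports no users at all for this data store; the two users who can actually reach it only appear at the second and third degree.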
The analysis also uncovered nearly 45 million relationships between security findings, indicating that many security backlogs contain findings identified as critical vulnerabilities or policy exceptions.
This leads to the average security team being blind to some security risks. Many teams lack the resources, or are underskilled, to fully understand the risk of potential compromises.
Organizations should invest in cloud-native security tools that enable automation and data-driven decision making, SCAR recommends. This will help security teams gain real visibility into their cyber asset landscape and asset-to-asset relationships.