Cyber Asset Management Overwhelming IT Security Teams

Cyber Asset Management Overwhelming IT Security Teams

Corporate assets being shifted to cloud storage are putting IT security management to the test as more expansive attack surfaces are formed, exposing organizations to more cyber risk.

API-first, cloud-first, and digital transformation initiatives are rapidly reshaping the enterprise technology environment. As a result, cybersecurity suffers a high cost.

Increasing the number of internet-facing assets in enterprise production environments increases the danger of a cyberattack originating from exploiting unknown, unmanaged, or poorly managed online purchases. The modern threat surface has become too vast and complex for security professionals to monitor using traditional, manual asset lifecycle methodologies.

Workload Unprecedented

Security teams are overworked and understaffed due to having too many assets to handle. In a cloud-based business, they have incredible support to inventory, manage, and secure.

Researchers discovered that current security teams are in charge of more than 165,000 cyber assets on average, including cloud workloads, devices, network assets, apps, data assets, and people.

With cybersecurity talent in limited supply, firms must assist their existing teams in becoming more efficient, according to JupiterOne's 2022 State of Cyber Assets Report (SCAR), which was released on Tuesday.


Picture: technewsworld


Shifts toward cloud-native development, microservices, and scale-out design have significantly influenced security teams, according to Jasmine Henry, JupiterOne's field security director and primary author of the research.

Security teams are overworked, underfunded, and underskilled, with a backlog of over 120,000 security findings on average.

"Enterprise asset inventories have altered dramatically, and humans do not always deploy assets for the first time in history." "The environment necessitates new, automated ways to attack surface management," Henry told TechNewsWorld.

Important Findings


Picture: passportalmsp

Employees outweigh cyber assets in the organization by a large margin.

For every human employee, the average firm has over 500 cyber assets. As a result, automation is a must-have for security success. Hosts, agents, and other device-related assets proliferating are essential components of cybersecurity.

In the average firm, the device-to-employee ratio is 110:1. The average security team is in charge of 32,190 devices. Furthermore, cloud-based inventories account for roughly 90% of current device inventories.

Ultra-reliable dynamic network topologies necessitate novel, automated security measures. Modern DevOps teams may route traffic between subnets by hosting load balancers, proxy servers, and network address translation (NAT) services on network interfaces.

Static IP addresses make up less than 1% of network assets, while network interfaces make up 56%. The ever-changing threat surface necessitates innovative, automated security measures.

Modern enterprises are incredibly vulnerable to software supply chain threats. According to a test of more than 20 million application assets, just 9% of applications were homegrown or built in-house. However, third-party code accounts for 91% of corporate code.

Henry said that enterprise software like Solar Winds and open-source software such as Log4j was at the center of some terrible cybersecurity news last year.

"Software supply chain security became practically unmanageable for security teams in 2021, and the situation of cyber assets in 2022 demonstrates why," she continued.

By The Numbers

SCAR examined cyber asset inventories and user inquiries collected from the JupiterOne Cyber Asset Attack Surface Management (CAASM) platform for one week, from September 28 to October 5, 2021.

The complete data collection comprised over 372 million security findings from 1,272 firms, including enterprises, mid-market organizations, and small businesses.

According to the findings, cloud deployments are becoming the de facto deployment model in businesses. According to the study, cloud assets account for 97 percent of all security discoveries.

In the modern corporation, about 90% of device assets are cloud-based.

Physical devices such as computers, tablets, smartphones, routers, and IoT hardware account for less than 10% of total devices.

Cloud network assets surpass physical network assets by a factor of roughly 60:1. Despite this, an examination of approximately 10 million security policies revealed that cloud-specific policies account for less than 30% of the total.

During the pandemic, businesses looked to cloud technologies to accommodate the spike in remote labor and retain some sense of normalcy in company operations.

Unfortunately, the rapid digital transition has also led to new entry points for cyberattacks by malevolent threat actors, according to Sunil Yu, CISO and head of research at JupiterOne.

"This research sheds light on the vast volume of cyber assets in today's world and serves as a warning to company leaders and security experts to take better stock of their assets to grasp the risk implications of their increased attack surface," told TechNewsWorld.

The Cloudy Forecast Necessitates Attention.


Picture: technewsworld

Most security teams pay attention to the indirect linkages between persons, devices, networks, and sensitive data. According to the survey, only 8% of queries prompted the JupiterOne platform to evaluate second-degree or third-degree linkages between assets.

Critical data and sensitive information have 105 million first-degree links (i.e., direct access) with individuals, apps, devices, and workloads, making them the most interconnected assets.

The study also discovered nearly 45 million links between security discoveries, showing that many security backlogs contain findings designated as critical vulnerabilities or policy exceptions.

As a result, the ordinary security team is blind to some security dangers.

Many teams lack adequate resources or expertise to thoroughly assess the risks associated with potential compromises.

SCAR advises organizations to invest in cloud-native security products that enable automation and data-driven decision-making.

As a result, security personnel will better understand their network's cyber asset landscape and the relationships among those assets. 

0 ratings
Paul Syverson
Paul Syverson
Paul Syverson is the founder of Product Reviews. Paul is a computer scientist; he used to carry out a handful of significant studies which contributed to bringing in many special features on the site. He has a huge passion for computers and other tech products. He is always diligent in delivering quality writings to bring the most value to people. |