According to a Dynatrace study, continuous runtime vulnerability management is crucial for 79 percent of CISOs to keep up with the growing complexity of modern multi-cloud environments. […]
Dynatrace has published a worldwide study of 1,300 Chief Information Security Officers (CISOs) in large companies. A key result: the speed and complexity resulting from the use of multi-cloud environments, multiple programming languages and open source software libraries make vulnerability management difficult. 75 percent of CISOs state that despite multi-layered security precautions, there are gaps that can lead to vulnerabilities in production.
This underlines the growing need to combine observability and security. Combining the two gives companies a more effective way to manage runtime vulnerabilities and to detect and defend against attacks in real time.
Three results of the study:
- 69 percent of CISOs say that vulnerability management has become more difficult due to the greater need to accelerate digital transformation.
- More than three quarters (79 percent) of CISOs believe that automatic, continuous runtime vulnerability management is the key to closing the gap in the capabilities of existing security solutions. However, only 4 percent of companies have real-time visibility into runtime vulnerabilities in containerized production environments.
- Only 25 percent of security teams have real-time access to an accurate, constantly updated report on every application and code library running in production.
Bernd Greifeneder, Chief Technology Officer at Dynatrace:
“These findings underscore that security teams continue to overlook vulnerabilities, no matter how robust their defenses are. Both new applications and stable legacy software are vulnerable to vulnerabilities that are more reliably detected in production. Log4Shell was the poster child for this problem, and there will no doubt be more such scenarios in the future.
Obviously, most companies still lack real-time transparency when it comes to runtime vulnerabilities. The problem arises from the increasing use of cloud-native deployment processes. Although they enable greater business agility, they also bring a new complexity for vulnerability management, attack detection and defense. The rapid pace of digital transformation means that the already overloaded teams are bombarded with thousands of security warnings that make it impossible to focus on the essentials. Teams can’t manually respond to every alert, and companies are exposing themselves to unnecessary risks by allowing vulnerabilities to enter production.”
Further results of the study:
- On average, companies receive 2,027 alerts about potential security vulnerabilities in applications every month.
- Less than a third (32 percent) of the daily incoming alerts about security vulnerabilities in applications require action, compared to 42 percent last year.
- On average, application security teams waste 28 percent of their time on vulnerability management tasks that could be automated.
The study is available for free download here (registration required).
Bernhard Lauer is, among other things, a freelance editor of dotnetpro and manages the Basic Instinct section here, for example. He has been programming privately with Visual Basic since version 1.0.