6 surprising insights from recent CDR research
Cybersecurity has never been easy. But the cloud has made it exponentially more challenging. Now, anyone with an internet connection can access or compromise sensitive data from anywhere in the world. New attacker techniques — or dangerous evolutions of legacy cyberattacks — can hide easily in the cloud’s infinite and growing attack surface.
Frustration with cloud detection and response (CDR) tools is real. Yet, according to a recent Enterprise Strategy Group (ESG) survey co-sponsored by Lacework, it’s a complicated relationship with a lot of nuance. Security teams see the need for security agents to gain the needed visibility to detect issues in workloads, but think they make SecOps more complex. Security teams are also overwhelmed by the amount of data at their fingertips, yet they often need more data for efficient investigations.
These are but two of the multitude of rich learnings that came out of the recent ESG survey. Here are 6 interesting finds from the study:
1. More tools make more problems
SecOps teams feel like they’re always catching up from behind. The abundance of tooling makes the output of data overwhelming. The thought of trying to quickly analyze all of the information, determine the exact right thing to fix, and triage quickly – all without automation – is not scalable. The shortage of skilled cybersecurity staff trying to keep up with the size and scale of the cloud adds salt to the wound.
It’s easy to see why friction between strained security teams and IT remains a battle. Is it possible that more security tools actually creates more risk? Or are current tools simply falling short? We explored the topic in a dedicated blog.
2. Tooling frustration is widespread
If you feel like your current security stack isn’t fit to tackle the cloud, you are not alone. A lack of context into the security posture of cloud-based workloads and applications is a big problem and creates gaps. Unfortunately, the majority of organizations still rely on threat detection and response tools that were never intended for the cloud, like endpoint detection and response (EDR) and security information event management (SIEM) tools.
Most SecOps pros agree their incident response tools are not effective. They simply can’t keep up with the data collection, processing, and analysis demands of the cloud, and they lack runtime visibility to help accurately prioritize risk. This has created an opportunity for innovative security vendors to develop a better method for the cloud madness. These solutions were built for the cloud and pull together disparate data sets from multicloud environments, synthesize them, and provide your team with the insights and action plan needed to focus your efforts and reduce risk quickly.
3. Give us more data
There’s already an overwhelming amount of data in the cloud, but shockingly, security analysts still want more. The ESG study revealed 85% of respondents either agreed or strongly agreed with the statement: “We need additional data and context to efficiently respond to threats in our cloud environment.” However, in the same survey, over a quarter (26%) of respondents who feel that SecOps has gotten more difficult over the past 2 years cited the fact that they collect and process more data than they did beforehand.
Really, do we need more data… Or is lack of automation making it difficult to understand the data already at our disposal? The cloud is full of data, and because the cloud is interconnected, we have to consider cloud data in its full context. “The sum is greater than the parts,” as the saying goes. Yet, all too often, our security solutions are designed as if the data in the cloud can be siloed. And, since it can’t, we’re left manually piecing together data from multiple solutions to determine our highest priority risks and other cloud issues.
Organizations that embrace automation to draw insights from its entire cloud environment can actually use the data they have to eliminate noise and simplify cloud security efforts.
4. DevSecOps positively affects cloud threat response
Teamwork makes the dream work, right? The ESG study revealed an interesting tie between DevSecOps and CDR. According to the research, SecOps teams in organizations with firmly established DevSecOps workflows saw a number of benefits related to threat detection and response. Having security and development teams working hand-in-hand prior to an exploit accelerates threat remediation activities. Tim Chase, the head of our global field CISO team, dug in deep with the Cloud Security Alliance on this very topic.
Not on the DevSecOps train yet? You should be. The ESG survey found that an overwhelming 97% of the companies represented had either implemented DevSecOps practices or were strongly considering implementation. These teams are already experiencing real results and better efficiency with DevSecOps practices — even beyond development, apparently.
5. The security kitchen is getting crowded with cooks
Too many cooks but not enough dishwashers… We’ve all been there. Sometimes less is more, especially when it comes to decision making. When naming modern security challenges, 39% of ESG study respondents said that new or more stakeholders being involved in security decisions were adding complexity and slowing things down.
To mitigate this issue and keep the friction between teams at bay, companies should invest in transparent processes and collaborative security tools. This will ensure that all involved parties share a common understanding, goal, and plan of attack to resolve critical issues. Organizations should also invest in security tools that integrate with existing DevSecOps tools for better visibility between security and development teams.
6. Relationship with security agents? It’s complicated
Team agent versus team agentless. It’s a tricky topic for security folks — one that comes with excessive historical baggage. Previous experience with legacy agents brings memories of difficult deployment, manual maintenance, and performance issues. Agentless solutions appear more attractive because they are simple, easy to maintain, and work great with API connections.
However, it’s not that simple. While agentless options offer ease, they can’t get the job done when it comes to finding an attacker within your actual workloads. And most modern agentless solutions actually add more risk to your data, not less.
Despite passionate opinions, the majority of security professionals overwhelmingly recognize the value that agents provide. As a result, the combination of agent and agentless approaches in the cloud can create harmony and allow organizations to secure their cloud. Andy Schneider, one of our European field CISOs, discussed the topic with the Cloud Security Alliance — and attempted to put the debate to rest.
The cloud demands a new way of thinking
If the ESG study taught us anything, it’s this: cybersecurity isn’t a one-size-fits-all pursuit. And the cloud has dramatically emphasized this point for us.
For many, CDR is currently being handled by tools and processes that were not built or optimized for the cloud, so it’s not shocking that frustration is high. But not to worry, the right tools exist that can empower your security and DevOps teams to work together, find common ground, and improve efficiency. While the cloud is definitely a complex environment, better tools that capture and analyze all the pertinent data and help you prioritize actions and reduce risk will make the cloud less complex to secure and manage.
Download the full ESG study to learn more about common CDR pain points and how other companies are thinking about efficient cloud security.