COMMENTARY: It doesn’t take much to imagine a bustling security team bombarded with alerts, notifications, and findings, many of which do not require immediate attention. It’s become the reality for more than half of security teams, many of which report experiencing a very high level of noise from their tools.
Our research has found that the average company runs tools from around more than 30 different security vendors. To take it one step further, more than half of respondents (51%) experiencing this level of fragmentation report a high to very high level of noise from their tools.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
This deluge of information doesn't just distract: it paralyzes. A staggering 85% of respondents admit they struggle to manage this noise, citing slow or delayed risk reduction as their primary challenge.
The result has been that security teams are overwhelmed, and their ability to swiftly identify and prioritize genuine risks has been compromised, leading to delayed response times and increased vulnerability to cyberattacks. This jeopardizes the organization’s security posture, and also strains resources and personnel, creating an environment where critical threats can slip through the cracks.
Role of automation
Consider the reality for many security teams: a deluge of exposures and vulnerabilities that they must manage with limited resources. Many have sought relief by turning to automation to streamline important processes such as vulnerability scanning, prioritization, and remediation.
We also found that 97% of organizations are adopting some level of automation in their vulnerability management practices. For instance, 65% of organizations use automation to enhance the accuracy and speed of vulnerability identification, while 53% leverage it to prioritize threats effectively. These steps are crucial in a world where cyber threats are relentless and unforgiving.
Teams also reported using automation for remediation, including finding the remediation team and implementing fixes. But that occurs at lower rates, with each of those being done by 41% of people surveyed. So, despite its many benefits, automation does not get used by everyone. In fact, nearly half of security professionals (44%) still rely on manual methods. Security teams see the value of automation, but these numbers show room for improvement across the board.
Whether because of a lack of awareness, budget constraints, technological limitations, or a lack of skilled personnel, teams must address these hurdles to fully realize the scaling and risk reduction potential automation can bring to vulnerability management.
This means pushing beyond basic automation and adapting to new technologies.
Today, many companies are placing their bets on artificial intelligence (AI) to improve security. A substantial majority of security teams our research team spoke to (85%) plan to increase their AI investment over the next five years, signaling a seismic shift in cybersecurity strategy.
Security teams see the promise of AI to transform the initial stages of vulnerability management, with 38% of respondents believing it will significantly enhance vulnerability assessment accuracy and efficiency, and 30% seeing it as a vital tool for prioritizing threats based on impact and urgency. Vulnerability remediation was noted by 32% as an area where AI would help.
This optimism makes sense. AI's ability to process vast amounts of data swiftly and accurately positions it as a formidable ally against cyber threats. Indeed, 64% of respondents view AI as a powerful weapon in the cybersecurity arsenal. Yet, this enthusiasm has been tempered by significant concerns. A notable 68% of respondents express apprehension about the challenges AI might introduce, particularly its integration into software development, which could accelerate code production at a pace that security teams struggle to match.
The dual nature of AI—its potential to enhance and complicate—presents a paradox for security professionals. On one hand, AI offers unprecedented capabilities in identifying and prioritizing vulnerabilities, promising a faster response to emerging threats. On the other, the rapid pace of AI-driven development may outstrip the ability of security teams to manage vulnerabilities effectively, creating new challenges in maintaining robust security postures.
There’s no silver bullet
Confronted by many challenges, organizations must navigate the benefits and pitfalls of any new technology, whether it’s automation or AI. While they both offer promising advancements in vulnerability management, they are not panaceas.
And it’s not just about relying on new technologies. Many of the security professionals our research team surveyed were looking at other areas to improve their cybersecurity efforts, like adopting the continuous threat exposure management (CTEM) framework. They cited that CTEM can let them stay ahead of threats by continuously monitoring their IT infrastructure for vulnerabilities—compared to traditional periodic assessments.
Like anything in business, the path forward requires a balanced approach: leveraging technology’s strengths while remaining vigilant to its challenges. This way organizations can experiment with new technologies to bolster their posture without compromising their day-to-day operations.
While AI and automation offer great promise, teams must wisely wield these new tools. Security teams must focus-in and adapt to the rapid changes AI brings, ensuring they remain one step ahead in the ever-evolving battle against cyber threats.
Yoran Sirkis, chief executive officer, Seemplicity
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
