Palo Alto Cortex Xpanse Researchers identify missing metric for a modern SOC

May 24, 2021

Palo Alto Cortex Xpanse research team spent the first three months of 2021 monitoring the activities of attackers to better understand how much of an edge adversaries have in detecting systems that are vulnerable to attack. They followed a benchmark that they call “mean time to inventory” (MTTI), which is simply how long it takes somebody to start scanning for a vulnerability after it’s announced.

Xpanse research found 79% of observed exposures occurred in the cloud. The cloud is inherently connected to the internet and it’s surprisingly easy for new publicly accessible cloud deployments to spin up outside of normal IT processes, which means they often use insufficient default security settings and may even be forgotten. "Asset leak is likely inevitable when an expanding cloud attack surface is combined with more traditional factors that bypass change control (such as mergers and acquisitions), supply chain and the Internet of Things. But that doesn’t mean enterprises should accept the risk. Tracking an ever-changing infrastructure landscape is an almost impossible task for humans and requires an automated approach, both to discover unknown assets and ensure they are secure," Palo Alto researchers say.

Vishal Jain, Co-Founder and CTO at Valtix, says, "I’m not at all surprised at the findings - connectivity in the cloud is ubiquitous, but more importantly, the cloud environment is dynamic. Instantaneous app deployment, responsive infrastructure and self-serve is the norm in the cloud. Such a dynamic environment is a poor fit for security capabilities built during a time when infrastructure was static, and change was highly controlled. So yes, ever-changing infrastructure requires automation, and extensive visibility, but also a different set of assumptions than was common when appliance-based solutions were developed."

"What needs to be done to secure this is the creation of a strong cyber asset management program. Traditional CMDB technologies haven't made the leap to cloud native, and as such, can't properly collect and continuously detect changes in those infrastructure instances," says Tyler Shields, CMO at JupiterOne. "Additionally, the speed at which companies are moving to the cloud is really making the growth of cloud native assets explode. If you don't have a good grasp of your cyber asset infrastructure, and how those infrastructure components all inter relate to each other, it's going to be impossible to secure that environment. This is evidenced by the research done at Expanse.

Security leaders need to accept and act on this reality and take measured and thoughtful steps to mitigate the risk and train staff about the growing likelihood of such violent incidents in their facilities and workplaces.

In this webinar, we review the results of a benchmark study that asked security professionals about their past, present and future outlook on manned guarding. Want to know what your peers are saying about their weekly billed hours? Join us to find out!

Poll

Comparison Metrics

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Palo Alto Cortex Xpanse Researchers identify missing metric for a modern SOC

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Palo Alto Cortex Xpanse Researchers identify missing metric for a modern SOC

Related Articles

Related Products

Related Events

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.