Palo Alto Cortex Xpanse Researchers identify missing metric for a modern SOC
The Palo Alto Cortex Xpanse research team spent the first three months of 2021 monitoring attacker activity to better understand how much of an edge adversaries have in detecting systems that are vulnerable to attack. They tracked a benchmark they call “mean time to inventory” (MTTI): how long it takes somebody to start scanning for a vulnerability after it’s announced.
Xpanse research found that 79% of observed exposures occurred in the cloud. The cloud is inherently connected to the internet, and it’s surprisingly easy for new publicly accessible cloud deployments to spin up outside of normal IT processes, which means they often use insufficient default security settings and may even be forgotten. "Asset leak is likely inevitable when an expanding cloud attack surface is combined with more traditional factors that bypass change control (such as mergers and acquisitions), supply chain and the Internet of Things. But that doesn’t mean enterprises should accept the risk. Tracking an ever-changing infrastructure landscape is an almost impossible task for humans and requires an automated approach, both to discover unknown assets and ensure they are secure," Palo Alto researchers say.