Backslash Security Finds AppSec Teams Stuck in Catch-up Cycles with Outdated Methodologies
Backslash Security, a cloud-native application security solution for enterprise AppSec teams, released a new research study in May 2023, titled “Breaking the Catch-up Cycle: The New Cloud-Native AppSec Paradigm Survey Report.” The study explores the state of application security and how it is evolving with the rise of cloud-native application development. The research surveyed 300 security professionals from US companies with at least 1,000 employees, split equally between CISOs, AppSec managers, and AppSec engineers. The report reveals that AppSec teams are struggling to keep up with the rapid pace of cloud-native application development, spending most of their time chasing vulnerabilities and playing a defensive security game that is both unproductive and costly.
The AppSec Catch-up Game
According to the report, 58% of respondents spend over 50% of their time chasing vulnerabilities, and 89% of respondents waste at least 25% of their time chasing vulnerabilities. The “defensive tax” brought by employing AppSec engineers continuously chasing vulnerabilities and neglecting a comprehensive cloud-native AppSec program annually costs upwards of $1.2 million.
AppSec professionals are losing faith in prevailing AppSec tools that haven’t kept up with the pace of cloud-native app development. Surveyed organizations experienced multiple issues with today’s AppSec technologies, including growing friction between AppSec and dev teams (39%), inability to generate revenue (39%), and failure to retain high-value dev talent (38%) and AppSec talent (35%). Respondents also cited the considerable time spent prioritizing findings (48%) and the noisiness of existing AppSec tools (45%) as significant complaints. Static application security testing (SAST) and dynamic application security testing (DAST) are declining in popularity, with just 32% of respondents reporting extensive use of these standards.
Urgent Need for a Modern Cloud-Native AppSec Paradigm
The report advocates for a new AppSec paradigm that supports cloud-native development in modern organizations. The new AppSec paradigm must map a clear path to cloud-native AppSec success, characterized by end-to-end visualization of all microservices, automatic identification and prioritization of real risks, and intelligent triaging and remediation. The report indicates that 82% of respondents agree that automating threat model visualization will both save time and assist AppSec teams in analyzing cloud-native application risks. Respondents cited the importance of correlating application security risks with the application’s exposure to the outside world, with 91% deeming it an essential capability. Similarly, 91% believe it is essential to differentiate between general code weaknesses and critical vulnerabilities. Respondents ranked eight out of nine critical modern cloud-native AppSec paradigm capabilities as either “critical” or “important.”
Cloud-Native Enablement Gap
Despite organizations reporting the significance of differentiating between risks and noise (85%), only 38% of respondents said they were enabled to do so. Other gaps include “correlating security findings to the developer or dev team responsible for the fix” (78% vs. 43%), “meeting compliance standards” (78% vs. 38%), and “efficient triaging between Dev and AppSec” (73% vs. 42%). Respondents reveal that enablement is profoundly lacking in all the critical capabilities.
Urgent Action Required to Address Cloud-Native AppSec Needs
Shahar Man, co-founder and CEO of Backslash, says that the report sends a message of urgency regarding the need for a unified approach to application security that will eliminate the friction between development and AppSec teams, improve innovation and talent retention, and accelerate growth. Given the accelerated pace of digital innovation across enterprises of all sizes and the blurred lines between AppSec and CloudSec, enterprises must prioritize cloud-native AppSec to bridge the gaps that threaten their growth and competitiveness.
Editorial
As cyber threats, including data breaches, cyber attacks, and privacy violations, increase, companies must prioritize a comprehensive cloud-native AppSec program that maps a clear path to modern standards. An effective AppSec solution requires constant enablement and unified solutions that address the friction between AppSec and dev teams. With the rise of cloud-native architecture, it is crucial to update AppSec tools and methods to keep pace with the changing technology. Failure to do so could result in losing valuable talent, deteriorating competitiveness, and revenue loss, among other problems.
Advice
As a CISO, AppSec manager, or AppSec engineer, you must understand the importance of a unified, comprehensive cloud-native AppSec program. To remain competitive and secure, ensure that your organization prioritizes cloud-native AppSec by employing a secure, cloud-native application security solution. Additionally, AppSec teams should embrace modern AppSec standards, including end-to-end visualization of all microservices, automatic identification and prioritization of real risks, and intelligent triaging and remediation, to address the recurring gap between AppSec enablement and the pace of cloud-native development.