CIO Influence

ARMO Survey Reveals Cloud Runtime Security Paradox: More Tools Lead to Worse Security Outcomes

ARMO, the leading Cloud Runtime Security company and the creator of Kubescape, today announced the results of its inaugural ‘The State of Cloud Runtime Security’ survey. The survey uncovers critical challenges enterprises face in managing cloud security effectively.

The responses of over 300 SecOps stakeholders and cybersecurity leaders reveal that security teams face significant challenges due to an overwhelming volume of alerts, which results in a very low signal-to-noise ratio. In fact, the survey found that security teams must sift through roughly 7,000 alerts to find a single active threat. This is exacerbated by excessive tool sprawl, which actively damages key performance indicators like mean time to detection (MTTD) and response (MTTR) by forcing security teams to manually piece together complete attack narratives across disconnected systems. This results in dangerous blind spots, inefficiencies and delays in identifying and responding to real threats.

“Over the past few years we’ve seen rapid growth in the adoption of cloud runtime security tools to detect and prevent active cloud attacks and yet, there’s a staggering disparity between alerts and actual security incidents,” said Shauli Rozen, CEO and Cofounder at ARMO. “Without the critical context about asset sensitivity and exploitability needed to make sense of what is happening at runtime, as well as friction between SOC and Cloud Security, teams experience major delays in incident detection and response that negatively impact performance metrics.”

Key survey findings:

  • 89% of respondents report that their current processes fail to detect active threats
  • 46% of respondents grapple with alert fatigue
  • 45% report consistent false positives
  • Organizations receive an average of 4,080 monthly alerts about potential cloud-based incidents, yet experience only 7 true security events per year
  • 63% of organizations deploy more than five cloud runtime security tools
  • Only 13% of organizations successfully correlate alerts between tools
  • It takes an average of 7.7 days, up to 30 days, to correlate alerts across tools and organizational silos
  • 92% of respondents believe that unified cloud runtime security solutions would enhance incident response efficiency and contextualize alerts to further improve response times

“The survey results underscore a consensus among cybersecurity professionals on the value of adopting cloud-native security models and purpose-built tools designed for cloud environments to create a more cohesive security operation that meets the demands of today’s cloud-native environments,” said Ben Hirschberg, CTO and Cofounder at ARMO. “As organizations adapt to address the unique challenges of cloud-native security, focusing on enhanced visibility and automated threat detection and response is essential for strengthening their overall security posture.”

The survey also reveals a counterintuitive organizational challenge: dedicated cloud security teams often impede rather than improve security response. A striking 38% of SecOps professionals identify the Cloud Security team as their most difficult collaboration partner during incidents, followed by the Platform team (31%). This finding suggests that while establishing separate cloud security teams (a practice adopted by 63% of companies) may have been a reasonable approach when cloud technology was emerging, it now creates problematic silos as cloud has become mainstream. These artificial boundaries fragment visibility, complicate communication, and increase MTTD and MTTR.
