Security hygiene and posture management has become increasingly difficult because of factors like a growing attack surface, the increased use of cloud computing, and the need to support a remote workforce. These factors can create security vulnerabilities that lead directly to cyber-attacks. Indeed, a majority of organizations have experienced at least one cyber-incident due to the exploit of an unknown, unmanaged, or poorly managed internet-facing asset. Unfortunately, this pattern will likely persist as most organizations continue to approach security hygiene and posture management with point tools, spreadsheets, and manual processes. Organizations are prioritizing spending on security hygiene and posture management, focusing on areas like continuous security testing, process automation, and increasing staff. Security professionals also aspire to consolidate disparate point tools into a security observability, prioritization, and validation (SOPV) architecture to gain a holistic perspective across all aspects of security hygiene and posture management.
To gain further insight into these trends, TechTarget’s Enterprise Strategy Group (ESG) surveyed 383 IT and cybersecurity professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management, including vulnerability management, asset management, attack surface management, and security testing tools, among others.
Security Hygiene and Posture Management Remains Immature but Is Garnering More Attention
Biggest Security Hygiene and Posture Management Drivers
Security hygiene and posture management (SHPM) is a cybersecurity fundamental. Safeguarding any organization demands a thorough understanding of all assets, user identities and entitlements, how everything is configured, and the relationships between all the piecemeal parts.
Security professionals point to SHPM drivers like adhering to security standards and best practices (i.e., CIS critical security controls, ISO, NIST, etc.),
risk assessments, vulnerability monitoring, and gaining a better understanding of assets. More recently, security teams have focused on attack path mapping. This helps them truly understand an adversary mindset and prioritize risk mitigation actions that could expose sensitive systems and data.
See More Download E-Book
This article is posted at techtarget.com
Please fill out the form to access the content
