The vast majority of security alerts are benign and do not impact critical assets, according to new research from XM Cyber, a hybrid cloud security provider.
Indeed, some 75% of security exposures do not put organizations' critical assets at risk, and most of these them are not particularly relevant to an organization. But there are a few that put more than 90% of their critical assets at risk, the study determined.
XM’s latest research, which analyzed more than 60 million exposures from more than 10 million entities, both on-premises and in the cloud, revealed that the average organization has 11,000 exploitable security exposures in a given month with up to 250,000 exposures in larger enterprises.
This highlights the need for more efficient exposure remediation in order to remain ahead of the attack curve, XM said.
Examining the Risk Environment
XM’s researchers uncovered that 75% of exposures along attack paths lead to "dead ends" that cannot impact critical assets and therefore represent minimal risk. Only 2% of security exposures are actually located on "choke points," that being entities through which multiple attack paths converge enroute to critical assets.
By focusing efforts on remediating exposures on these choke points, organizations can maximize risk reduction while minimizing remediation workload amongst security and IT teams, the hybrid cloud security provider’s researchers said.
As Zur Ulianitzky, XM Cyber researcher vice president, explained:
"Security teams are inundated with increasing volumes of alerts and attackers are actively exploiting this. Threat actors are not working any harder than they have to, and most find success with attack paths which are simple, short and lead straight to fruitful returns. By diligently focusing remediation efforts on first and foremost eliminating the 2% of exposures which provide attackers with seamless access to critical assets, organizations can significantly reduce their risk without adding any additional strain to security teams."
Credentials and Permissions a Favored Attack Vector
The research also reveals that attack techniques targeting credentials and permissions affect 82% of organizations. Still, many continue to overlook attack paths that leverage credentials and permissions, XM said.
The research also shows that attackers easily pivot from on-premises to cloud networks and the importance of having strong security controls for both environments. Roughly seven in 10 organizations have exposures in their on-premises networks that put their critical assets in the cloud at risk.
Ulianitzky explained how organizations face tough challenges in managing their diverse on-premises and cloud environments, often failing to consider the bigger picture and only focusing on each piece in isolation:
"Once attackers infiltrate cloud environments, it's easy for them to compromise assets. Cloud security is not yet mature, and many security teams don't fully understand what security issues they need to look for."
