Story image

AlienVault survey finds cloud & IoT security is ‘complex and chaotic’

03 Apr 17

An AlienVault survey of 974 RSA attendees found that although 39% are using more than 10 different cloud services, their security monitoring is nothing short of ‘complex and chaotic’.

21% didn’t know how many cloud applications they use, 42% were concerned about lack of visibility and yet 47% would rather monitor a cloud environment than one that was on-premise.

Alienvault says that one third of attendees described their security as ‘complex and chaotic’, which indicate that there’s a major disconnect between organisations’ actions and beliefs about cloud security and IoT.

“The driving force behind cloud and IoT is the availability and analysis of information, but they must be managed and monitored in the right way. If data is misused, or inadequately protected, the consequences can be severe,” comments Javvad Malik, security advocate at AlienVault.

The survey found that 62% worry about IoT devices and 45% believe IoT benefits outweigh the risks.

43% of those who did use IoT stated that they didn’t monitor network traffic at all. 20% weren’t sure.

 “According to the survey findings, many companies are using these impacting technologies to reap the technological and business benefits they provide, but they are doing so without proper monitoring – leaving their company at greater risk of attack.”

Many respondents didn't know what decisions are being made about monitoring cloud security threats. 40% said their team was not always consulted before a cloud platform is deployed. This means there was no guidance, advice or due diligence.

“Most organisations are drowning in ineffective preventative measures and draining resources with investments in expensive, disjointed solutions. This unfortunate combination is likely a tremendous factor in producing the chaos, complexity and confusion experienced by so many companies,” Malik says.

47% were concerned that malware is the highest concern for cloud security.  42% of respondents said there’s a lack of visibility in their cloud systems. 21% were worried that their cloud services are producing too many logs.

AlienVault says this last point highlights problems with cloud audits after an incident has taken place.

“It’s time for organisations to focus on what they do have control over – threat detection and incident response – and implement a unified solution that can monitor on-premises, cloud and hybrid environments. Simplifying security in this way enables companies to immediately identify and respond to threats, and in today’s cybersecurity landscape, this is the best strategy to mitigate risk,” Malik concludes.

AlienVault provides Unified Security Management and crowdsourced threat intelligence. 

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.