Report: 75% of CISOs worry about vulnerabilities during app production

New research from Dynatrace found that 75% of CISOs still fear that too many vulnerabilities creep into app production despite multi-layered security systems, but only 37% of organizations have runtime vulnerability management capabilities.

At a time when CISOs face far more complexity, the need to combine security and the kind of visibility that detects attacks and vulnerabilities in real time has never been greater. Dynatrace’s research shows a multi-layered security strategy isn’t enough to prevent vulnerabilities from finding their way into app production. In today’s world of multicloud environments, multiple coding languages and open-source software, vulnerability management has become dramatically more challenging. 

Despite the existence of a multi-layered security strategy, persistent coverage gaps still allow vulnerabilities to enter production, according to 75% of the chief information security officers (CISOs) surveyed. However, only 37% of organizations have runtime vulnerability management capabilities. Cloud-native delivery practices improve business agility but also inject more complexity into vulnerability detection. 

Source: Dynatrace

The emergence of recent critical vulnerabilities, including Log4Shell, highlights the problem and the need to combine security with observability, which would lay the foundation for effective new AISecDevOps practices. The report illustrates, now more than ever, the necessity of bolstering security practices with the kind of visibility that leads to the detection of runtime vulnerabilities and the thwarting of real-time attacks.

Nearly 80% of CISOs say automatic, continuous runtime vulnerability management is key to filling the gap in the capabilities of existing security solutions. At the same time, only 25% of security teams have the ability to access accurate, continuously updated reports of every app and code library running in production.

The findings are based on an independent global survey of 1,300 CISOs conducted by Coleman Parkes in April 2022 and commissioned by Dynatrace. The sample included 200 respondents in the U.S., 100 each in the UK, France, Germany, Spain, Italy, the Nordics, the Middle East, Australia, and India, and 50 each in Singapore, Malaysia, Brazil, and Mexico.

Originally appeared on: TheSpuzz