
Too many cloud security tools harming incident response times - survey
A recent survey has identified significant challenges faced by enterprises in managing cloud runtime security, revealing that an increase in the number of security tools can lead to poorer security outcomes.
The survey, conducted by ARMO, collected responses from over 300 stakeholders involved in security operations and cybersecurity leadership. The findings point to a paradox: while organisations deploy multiple cloud security tools in an attempt to strengthen defences, this often results in operational inefficiencies and an overall decline in cloud runtime security.
According to the data, security teams are inundated with an average of 4,080 alerts each month regarding potential cloud-based incidents. However, in stark contrast, respondents reported experiencing just 7 actual security incidents per year. This enormous volume of alerts - compared to the small number of real threats - creates what ARMO describes as a very low signal-to-noise ratio.
The survey found that security professionals typically need to sift through approximately 7,000 alerts to find a single active threat. Excessive "tool sprawl" has been cited as a primary factor: 63% of organisations surveyed reported using more than five cloud runtime security tools, yet only 13% were able to successfully correlate alerts across these systems.
Shauli Rozen, Chief Executive Officer and Cofounder at ARMO, commented on the findings: "Over the past few years we've seen rapid growth in the adoption of cloud runtime security tools to detect and prevent active cloud attacks and yet, there's a staggering disparity between alerts and actual security incidents. Without the critical context about asset sensitivity and exploitability needed to make sense of what is happening at runtime, as well as friction between SOC and Cloud Security, teams experience major delays in incident detection and response that negatively impacts performance metrics."
Data from the survey demonstrates that it takes an average of 7.7 days - and in some cases up to 30 days - to correlate alerts that are spread across tools and organisational silos. These delays contribute to slower mean time to detection (MTTD) and mean time to response (MTTR), increasing the risk of blind spots and missed threats.
Nearly half of the respondents (46%) acknowledged suffering from alert fatigue, while 45% reported that false positives are a consistent problem. The overwhelming number of alerts, many of which are not actionable, reduces the ability of security teams to respond swiftly and efficiently to genuine incidents.
Of those surveyed, 89% said current processes fail to detect active threats, a statistic that illustrates the challenges of managing cloud security in complex environments with fragmented toolsets. The majority of respondents - 92% - believed that adopting unified cloud runtime security solutions could significantly enhance incident response efficiency and provide better context for alerts, which could improve response times.
Ben Hirschberg, Chief Technology Officer and Cofounder at ARMO, commented: "The survey results underscore a consensus among cybersecurity professionals on the value of adopting cloud-native security models and purpose-built tools designed for cloud environments to create a more cohesive security operation that meets the demands of today's cloud-native environments. As organizations adapt to address the unique challenges of cloud-native security, focusing on enhanced visibility and automated threat detection and response is essential for strengthening their overall security posture."
The survey also highlighted challenges related to internal organisational structure. Rather than improving security response, dedicated cloud security teams often create additional barriers. 38% of respondents named the Cloud Security team as their most difficult collaboration partner during incident response, followed by the Platform team at 31%.
This finding suggests that while establishing dedicated cloud security units may have been suitable when cloud technology was less mature, these organisational silos now create obstacles. The division fragments visibility and complicates communication, resulting in longer MTTD and MTTR.
The full report, titled "The State of Cloud Runtime Security", provides further detail on these challenges as well as insights into potential strategies for organisations seeking to improve their security operations in cloud environments.