Oomnitza reveals its 2022 Attack Surface Management Maturity Report
Oomnitza, the leading provider of Enterprise Technology Management (ETM) solutions, revealed a new survey, “The 2022 Attack Surface Management Maturity Report” conducted by Cybersecurity Insiders, which found that most enterprises (60%) have low confidence in their ability to manage attack surface risk. The majority of respondents felt that their organization had poor asset inventory intelligence, which impacts security posture improvement.
According to a February 2022 GartnerⓇ report, “Organizations need to look beyond vulnerability patching to manage a wider set of security ‘exposures.’ A dramatic increase in attack surface is emerging from changes in the use of digital systems, including new hybrid work, accelerating use of public cloud, more tightly interconnected supply chains, expansion of public-facing digital assets and greater use of operational technology.”*
In a rapidly changing technology environment where cybersecurity leaders are now dealing with a hybrid workplace, hybrid cloud, and digital business growth, the ability to manage cyber risk has become more challenging. In fact, Oomnitza’s report found that while 64% of organizations support a hybrid workplace, more than half (53%) witnessed their remote workforce deviating from security policy. In addition, 80% of organizations are pursuing hybrid or multi-cloud infrastructure strategies while experiencing compliance, infrastructure, and misconfiguration visibility and control automation issues.
When it comes to enterprise technology management, 40% of organizations have visibility of only 50-75% of their assets with inconsistent inventory, ownership, type, and lifecycle state information. In response to a changing technology and threat landscape, 46% plan to move to a platform approach to secure their IT estate.
“We are pleased that our report shares current attack surface management trends, challenges and issues, and where organizations can mature capabilities, ” said Arthur Lozinski, CEO and Co-Founder of Oomnitza. “Clearly organizations must consider how to better leverage their endpoint, application, network infrastructure, cloud, and security management tools to improve their security posture and cyber resilience – highlighting the need for a platform approach to enterprise technology management.”
The Attack Surface Management Maturity report, compiled from a survey of 351 qualified respondents, was independently produced by Cybersecurity Insiders, a 500,000 member online community of information security professionals. Other key findings of the report include:
- More than half of organizations (60%) have low confidence in their ability to manage attack surface risk. In addition, over the past 12 months, nearly a third experienced security issues that resulted in reduced worker productivity and reduced business activity, with 21% experiencing increased incident response expenditure
- 84% of organizations lack a unified view of the hybrid IT security posture, while 55% of respondents showed poor asset inventory intelligence and 70% expressed moderate patch management efficacy
- Nearly two-thirds indicated they have had asset inventory management issues concerning network infrastructure, malware, and configuration compliance
- Security leaders and practitioners are undecided (39%) whether it comes to replacing siloed management tools. The response appeared to favor (46%) incorporating a centralized platform to progress their attack surface management capabilities while keeping existing IT tools for managing specific technologies
To download the survey infographic, please visit www.oomnitza.com/2022ASMinfo. The full report is available here. To gain more insight on the survey findings and to learn more about how to modernize attack surface management, join our expert/practitioner webinar on June 23 at 10am PT, by registering here.
The research, conducted by Cybersecurity Insiders and published in June 2022, surveyed 351 information security professionals in enterprise organizations across multiple industries in the United States. The survey represented a balanced cross section of industries, including financial services, technology, healthcare, education, professional services, and government. Half of those surveyed were in companies of greater than 5,000 employees, and 20% from companies of more than 10,000 employees. While 44% of respondents were within the information security department, nearly half of those surveyed comprised senior and executive management roles.
*Gartner Inc., “Top Trends in Cybersecurity 2022”, Published February 18, 2022, Peter Shoard. Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Oomnitza offers a versatile and automated Enterprise Technology Management platform that delivers multi-source visibility and control across endpoints, software, infrastructure, and cloud. Our SaaS solution, with rapid integrations, best practices, and no-code workflows, allows enterprises to leverage their existing systems to gain unified asset inventory analytics, standardize lifecycle processes, and ensure security and compliance. We help some of the most well-known and innovative companies to optimize business resources, mitigate cyber risk, expedite audits, and fortify digital experience. Learn more at Oomnitza.com.
All trademarks, logos and brand names are the property of their respective owners and referenced for identification purposes only without implying endorsement.
10 Fold Communications