As the enterprise SecOps teams increasingly take control of proactive risk reduction, the security posture fatigue will grow to be an immensely important challenge.
Security operation teams are overwhelmed and under pressure, tackling the emerging risks associated with the COVID-19 crisis. However, advances in cloud SIEM, along with the fusion of AI events, alerts, and logs, have empowered SecOps teams to finally go ahead of common threats. They also are automating as much of the day-to-day repetitive investigation work as possible, to rapidly expand the footprint of the digital enterprise. And, this has opened up a new headache associated with security posture fatigue.
The high-performing SecOps teams inform about their threat hunting, confirming that their role has evolved to become more complex. Consequently, the desire to add another threat detection tool to an environment that generates alerts that need to be investigated and actioned isn’t high on the product purchase wish list. Organizations are driving hard in order to consolidate threat protection/detection capabilities to reduce the number of products and vendors to pursue integrated suite solutions where they can— to reduce overall alert triage and noise time.
Increased role of security in adopting cloud platforms
Although threat response and detection are being tamed, SecOps teams continue to battle out the enterprise sprawl. Business departments and units are adding new workloads in a more diverse range of environments—private cloud, corporate WAN, public cloud, third-party SaaS platforms, CI/CD pipelines, manufacturing floors, etc.—each of which requires a mix of ad hoc as well as tailored security configuration management, policy configuration, and posture monitoring. As a result, it has become increasingly challenging for SecOps teams and CISO organizations to tackle basic questions regarding their compliance and vulnerabilities.
To tackle this problem, security policy posture management is increasingly becoming a centralized function across enterprises.
This the diverse environment in which enterprises operate and conduct business with required tooling for security posture management and risk reduction. And for the past decade, the tools that can provide risk assessments, posture metadata, and security policy lapses have grown.
The broad mix of work environments with a wide variety of security posture management products and fragmented tool capabilities has not only lead to an inundation of security posture alerts but has also added new dimensions and complexities to policy enforcement and risk-reduction orchestration —causing posture fatigue as SecOps teams who are overwhelmed with the new and disparate datasets.
As more modern work environments have proved to be capable of security configuration management orchestration – there is enhanced pressure on vendors to modernize multiple products used in older enterprise environments. Enterprise Risk Management (ERM), Integrated Risk Management (IRM), Vulnerability Assessment Management (VAM), Application Performance Management (APM), Security Configuration Management (SCM), etc., are product categories suitable for consolidation across diverse workload environments as the posture lapses grow.
The Certified Security Project Manager has enhanced the manageability and visibility of business risk reduction and security posture management of enterprise workloads within the public cloud environments. The challenge ahead is to gather similar capabilities across the full estate of diverse enterprise operating environments.
As SecOps teams increasingly take on a proactive risk reduction, their vocabulary expands from security threats to encompass posture lapses, and posture fatigue will grow.