DevSecOps – Digital IT News
https://digitalitnews.com
IT news, trends and viewpoints for a digital world

Organizations Are Prioritizing Cybersecurity Initiatives But Are Dragged Down By Lack Of Fundamentals, New ReliaQuest Study Reveals
https://digitalitnews.com/organizations-are-prioritizing-cybersecurity-initiatives-but-are-dragged-down-by-lack-of-fundamentals-new-reliaquest-study-reveals/
Thu, 16 Sep 2021 23:30:27 +0000

Open XDR-as-a-Service leader ReliaQuest, in partnership with Ponemon Research, announced publication of a survey report detailing the needs and priorities of cybersecurity leaders in the United States and United Kingdom. The report, “Making Security Possible and Achieving a Risk-oriented Security Posture,” shows that organizations are prioritizing strategic security programs but missing the foundational capabilities they need to make meaningful changes to their security posture. Among the roadblocks to achieving a risk-oriented posture are ineffective security metrics, operational inefficiencies, and the lack of full visibility across their dynamic IT environment.

“This research offers insights into the priorities of security leaders, the day-to-day struggles they face and their ambition to support the business through change,” said Ashok Sankar, Vice President of Product and Solutions Marketing at ReliaQuest. “While it’s positive to see more leaders engaging in strategic approaches to securing their organization, as they look to implement programs like Zero Trust – which can be a multi-year journey – it’s important to keep their energy focused on the fundamentals of cybersecurity. Visibility, metrics and process aren’t sexy, but they are the building blocks of a resilient security program.”

Sankar added: “As organizations seek to digitally transform their business and adapt to hybrid work, it’s critical that security teams are not only aligned on goals, but also have the proper resources to drive resilient security operations, setting the enterprise up for long-term success.”

Key insights include:

Security leaders are committed to a stronger risk-based security posture

  • 57% of respondents are prioritizing securely migrating applications to the cloud.
  • Almost half (49%) of security leaders are enabling DevSecOps best practices.
  • 48% of organizations surveyed are prioritizing implementing Zero Trust principles as part of their security strategy.

Security teams are not aligned on their security program or metrics

  • The primary obstacle to implementing an IT security risk management program is a lack of standardized metrics to measure progress (64%), followed by the lack of a risk management strategy and decision-making structure (58%).
  • 58% of respondents say that the lack of a well-defined security and risk management program is what makes their organization most vulnerable to attacks, but only 31% consider developing a risk-reduction program a top security priority.
  • Only a third (37%) of those surveyed believe that their teams are tracking the right security metrics and that it is easy to communicate them to business executives and board members.
  • Only about half (49%) rate developing business goal–oriented metrics as one of the top priorities for the next year.

Security teams are inhibited by process and operational inefficiencies

  • 31% of respondents report their security staff spends at least 3 hours a day manually administering and managing (optimization, writing rules, integrating) tools.
  • The majority (57%) of organizations have one staff member managing more than four tools in their organizations. Only 17% have one staff member assigned to manage a single tool.
  • 52% agree that their team is spending too much time on data collection activities instead of threat detection and analysis.

Poor enterprise-wide visibility is the main culprit behind risk exposure

  • Only 13% say they have more than 75% visibility across all security tools, including on-premises and the cloud. 69% believe they have less than 50% visibility across all security tools, including on-premises and the cloud.
  • Only about one-third (36%) say they are measuring visibility across the environment, including on-premises and the cloud.

The full report is available to download here.

Ponemon Research and ReliaQuest will host a webinar to review the findings in greater detail. To register for the online webinar, please visit online experiences.

Methodology
More than 1,000 security leaders in the United States (632) and United Kingdom (391) who are familiar with their organizations’ security operations and strategy were surveyed. Participants in this research are knowledgeable about their organizations’ efforts in attaining a risk-oriented security posture. Most respondents are involved in implementing solutions (61 percent) followed by evaluating solutions (48 percent). The report presents the consolidated U.S. and U.K. research findings.

PagerDuty and JFrog Announce Integrations for DevOps & Security Lifecycle
https://digitalitnews.com/pagerduty-and-jfrog-announce-integrations-for-devops-security-lifecycle/
Wed, 23 Jun 2021 08:31:59 +0000

PagerDuty, Inc., a global leader in digital operations management, announced new integrations with JFrog, the liquid software company. The integrations with JFrog Xray and JFrog Pipelines – both part of the JFrog DevOps Platform – allow customers to observe their entire software delivery lifecycle, understand any changes, and identify security issues throughout the process. This end-to-end DevOps solution includes DevSecOps, DevOps Observability and Software Development Lifecycle (SDLC) Monitoring for on-prem, hybrid and multi-cloud deployments.

“Traditionally, information security was a bottleneck in software delivery,” said Timm Hoyt, global vice president of partners & alliances at PagerDuty. “This new integration will not only help remove this bottleneck but help organizations thrive when resolving incidents. We’re proud to partner with JFrog and provide a solution that helps teams manage urgent, mission critical work that is essential to keeping digital services always on.”

With the JFrog Xray-PagerDuty integration, DevSecOps teams can receive PagerDuty notifications for open source security vulnerabilities and license compliance violations detected by Xray’s continuous scanning of packages and container images, so they can quickly fix the issues. PagerDuty can then turn any security or license policy alert into an incident report. This is useful to proactively manage security and compliance across the software development and release lifecycle, customize notifications, and receive a continuously updated list of impacted components and their associated dependencies.

With JFrog Pipelines and PagerDuty, users can simplify and streamline how they identify faulty builds that impact production environments. IT operators can quickly detect incidents, determine root causes, roll back builds and shrink resolution time. This helps IT operators and developers become more productive and determine what has changed within their environment, and makes them better able to prevent outages and increase the uptime, stability and reliability of business-critical applications and digital services.

“We are excited to partner with PagerDuty. The integration of our leading solutions — the end-to-end, universal DevOps Platform from JFrog, and PagerDuty’s digital operations management capabilities — enables DevOps teams with powerful observability and incident management throughout the DevOps lifecycle,” said Steve Chin, Vice President of Developer Relations, JFrog.

To learn more about the integration of JFrog and PagerDuty products, register for PagerDuty Summit from June 22-25, 2021 and tune in for the session “The Power of AIOps” by Mitra Goswami.

Contrast Security Extends DevSecOps Platform With Revolutionary Technology to Find Vulnerabilities That Matter 10x Faster
https://digitalitnews.com/contrast-security-extends-devsecops-platform-with-revolutionary-technology-to-find-vulnerabilities-that-matter-10x-faster/
Thu, 10 Jun 2021 19:37:26 +0000

 Contrast Security announced the release of Contrast Scan that revolutionizes static application security testing (SAST) with pipeline-native static analysis to analyze code and detect vulnerabilities early on in the software development life cycle (SDLC). The release of Contrast Scan extends the DevSecOps capabilities of the Contrast Application Security Platform to the entire SDLC, empowering security teams to run scans up to 10x faster and remediate vulnerabilities up to 45x faster while meeting compliance requirements of an organization’s security policy.

Incumbent legacy static approaches employ noisy rule sets to look for code quality issues. This outside-in approach generates immense volumes of security findings that become increasingly time- and resource-intensive to manage. The problem is exacerbated by the number of distracting false-positive alerts that kill productivity, upwards of 85% in many instances. For newer developer-friendly code scanning tools, application security shifts left too far, exacerbating the problem of false positives and leaving developers with no context on prioritization or how-to-fix guidance. In response, two-thirds of practitioners who rely on legacy static scanning indicate they are looking for a different approach to application security.

Contrast Scan aims to solve these challenges with a pipeline-native approach that achieves dramatic improvements in speed, accuracy, and developer experience, accelerating digital transformation by removing inefficiencies and roadblocks that slow release cycles. Onboarding with Contrast Scan is quick and easy—requiring zero configuration and literally three clicks to get findings. Further, as Contrast Scan is integrated as part of the Contrast Application Security Platform, organizations have a unified, developer-friendly view of vulnerabilities and attacks with harmonized security profiles across SAST, interactive application security testing (IAST), runtime protection and observability, and software composition analysis (SCA), all in one DevSecOps platform.

Key benefits of Contrast Scan include:

  • Results that matter delivered 10x faster. A breakthrough demand-driven algorithm powers the static analysis engine in Contrast Scan, enabling teams to pinpoint exploitable vulnerabilities while ignoring those that pose no risk. As a result, based on real-world scan results, Contrast Scan can shrink the amount of time to run scans by 10x. Faster scans remove DevOps security roadblocks that slow innovation, improve the efficiencies of security and development teams, and reduce the operating expenses (OpEx) of scanning.
  • 45x faster remediation times. When used in concert with the broader set of capabilities in the Contrast platform, Contrast Scan accelerates remediation times by an astounding 45x. This is achieved by enabling developers to focus on exploitable flows, prioritize routes with entry points based on runtime and production traffic analysis, and leverage actionable remediation guidance. All of this pays down security debt, which results in reduced application security risks.
  • 30% improvement in application security efficiencies. By integrating pipeline-native static analysis security testing into the Contrast Application Security Platform, application security teams can improve scan, triage, and remediation efficiencies by up to 30%. Contrast’s comprehensive DevSecOps approach bakes security into rapid-release cycles that are typical of modern application development and deployment environments. It also offers complete coverage of the DevSecOps life cycle with application tools optimized from build to production. This streamlines compliance reporting—often shrinking the time to demonstrate security policy compliance from days to minutes.

Today’s organizations should not be forced to choose between speed and security. With the addition of Contrast Scan, the Contrast Application Security Platform now offers a path to DevSecOps that allows organizations to secure any application anywhere—from a developer’s desktop, at a release gate, or in instances of production. The Contrast platform was purpose-built to deliver true DevSecOps with SCA, application security testing (AST), and exploit prevention capabilities using instrumentation across the entire SDLC.

“Contrast Scan is a game changer for both application security and application development teams,” said Steve Wilson, Chief Product Officer at Contrast Security. “It allows teams to get unprecedented observability into their applications’ threat landscape early in the development life cycle—without all the noise of traditional static scanning tools. This means organizations’ applications will remain more secure while enabling them to maintain the agility of their development teams.”

Anchore Announces New Partner Program to Meet Growing Demand for DevSecOps
https://digitalitnews.com/anchore-announces-new-partner-program-to-meet-growing-demand-for-devsecops/
Wed, 16 Dec 2020 20:37:30 +0000

Anchore’s new partner program will meet a growing demand for DevSecOps. Launch partners include Red Hat, [...]

Today Anchore, Inc., the leading experts in continuous security and compliance for containers, announced the launch of a new partner program to speed customers’ digital transformation and reduce risks by automating security and compliance checks earlier in the development lifecycle.

 

The program launches worldwide with existing partners such as GitHub, GitLab, Atlassian, CloudBees, Red Hat, Microsoft, Carahsoft, and many others. The program will bring together Anchore and partners to help companies and government agencies build DevSecOps toolchains and processes to meet their business and mission objectives.

“As software delivery increasingly moves to containers and cloud-native technologies, organizations must fundamentally change their approach to security and compliance. They can’t wait to fix security and compliance until the end of the software development lifecycle, but instead must shift left by continually checking the software applications and remediating issues earlier in the process,” remarked Saïd Ziouani, Anchore CEO and Cofounder. “With this new partner program, we’re formalizing our strategic relationships to create the flexible and integrated DevSecOps solutions that enterprises and government agencies have been requesting.”

Anchore’s new partner program has three categories:

  • Solution Providers, such as systems integrators, managed services providers, and security/compliance firms who provide clients with a complete end-to-end solution for continuous security and compliance across the software development lifecycle through to production environments.
  • Channel Partners, such as value added resellers (VARs), who interact with clients and Anchore to scope deployment and enable the procurement of technologies needed for a complete continuous security and compliance solution.
  • Technology Partners who integrate with Anchore to create compelling DevSecOps technologies to fuel innovative solutions for customers.

Supporting Partner Quotes:

“As GitHub continues to focus on building the best experience for developers, it’s critical to embed security into their workflow. With the Anchore GitHub Action, developers are able to surface container security findings directly through the GitHub code scanning UI. This empowers teams to ship more secure code, faster, and all within the native GitHub user experience,” said John Leon, VP of Business Development, GitHub.

“Red Hat’s joint work with Anchore at the US Department of Defense has driven technology and services innovation such as hardened Red Hat UBI images, Anchore’s Red Hat OpenShift Operator Certification, and joint DevSecOps services expertise,” said Lars Herrmann, Senior Director of Technology Partnerships, Red Hat. “With Red Hat Marketplace, we are making it easier for customers to find and purchase tools like Anchore that are tested, certified and supported on Red Hat OpenShift, and we’ve removed operational barriers to deploying and managing these technologies on Kubernetes-native infrastructure.”

“We are excited to be included in Anchore’s new partner program,” said Natalie Gregory, Vice President of the team that manages Anchore at Carahsoft, which serves as Anchore’s Master Government Aggregator®. “Our Carahsoft team is committed to providing the public sector with the leading solutions to build out their DevSecOps pipelines, and we look forward to strengthening our partnership with Anchore under this program to better serve our government customers and reseller partners seeking to integrate security and compliance into their development processes.”
