The purpose of this research is to gain insight into how organizations manage their cyber assets and exposures across the global attack surface through continuous discovery, prioritization and timely remediation. Ponemon Institute surveyed 617 IT and IT security practitioners in the United States who are involved in managing and addressing the attack surface across the IT footprint and are familiar with their organizations’ approach to measuring and addressing cybersecurity risk.
Discovering and tracking cyber assets involves using specialized tools to automatically find, catalog, and monitor all devices (on-prem, cloud, remote) in the IT environment, creating a real-time inventory to manage vulnerabilities, ensure compliance, and defend against threats, often using scanning, API integrations, and traffic analysis to map the complete digital footprint.
The primary systems used to discover and track cyber assets are cloud providers (49 percent of respondents) and Configuration Management Database (CMDB) or IT Asset Management (ITAM) platforms (44 percent of respondents). A CMDB is a specialized database used to store information about an organization’s IT assets, their attributes and their relationships. An ITAM platform is used to manage an organization’s technology hardware and software throughout its lifecycle.
Not used as frequently are vulnerability scanners (28 percent of respondents). Vulnerability scanner tools automatically find security weaknesses in networks, applications and systems by comparing configurations/software against vulnerability databases.
Recommendations from the research to improve cyber asset and exposure management practices
Consolidation of assets and sensitive data improves visibility into assets and sensitive data that are disclosed or left unprotected. Forty-five percent of respondents say their organization consolidates into a single view the assets and sensitive data that are disclosed or left unprotected and accessible to unauthorized individuals or systems.
A unified cybersecurity platform offers benefits like centralized visibility, faster threat detection and response, reduced complexity, lower costs, and simplified compliance by integrating diverse security tools into a single system, providing a holistic view, automating tasks, and streamlining management, leading to a better security posture and operational efficiency.
The inability to identify missing assets requiring security controls is a risk with potentially serious consequences. Not identifying missing assets can cause financial loss, legal penalties, operational disruption, and data breaches. Unidentified assets can be stolen, misused or lost, leading to compliance failures and reputational damage. Proactive tracking, robust documentation, and strict protocols are crucial to prevent these consequences. Less than half of respondents (46 percent) identify assets that are missing and require security controls.
More frequent updates of asset inventories and discoveries of inconsistencies are needed to minimize security risks. Only 30 percent of respondents say asset inventories or CMDBs are updated or reconciled daily (13 percent) or monthly (17 percent), and 37 percent say the frequency of finding inconsistencies in asset and sensitive data exposed due to duplicate records, conflicting names and values is daily (17 percent) or monthly (20 percent). As a result of not regularly updating their inventories or finding inconsistencies, less than half of respondents (48 percent) are very or highly confident that their organization has a comprehensive up-to-date list of all its hardware, software and data assets.
The lack of effectiveness in prioritizing risks makes remediation of security exposures or data misconfigurations difficult. Respondents were asked to identify the single biggest challenge in remediating security exposures or data misconfigurations. Twenty-six percent of respondents say risk prioritization is unclear and 24 percent of respondents say there is no clear ownership of the issue.
Contextual data in risk prioritization enriches basic threat severity scores (like CVSS) with an organization’s unique environment, business impact, and threat intelligence to focus on the most critical risks. It provides actionable insights by layering details like asset criticality (e.g., PII data), network exposure (internal/external), and exploitability to identify the most urgent vulnerabilities for remediation. This approach prevents security teams from being overwhelmed by data by applying business logic to identify high-impact threats, ensuring resources are spent effectively on what matters most to the business. Only 23 percent of respondents say contextual data is always used and 26 percent of respondents say it is used frequently.
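The sketch below is an added example, not part of the study: it ranks four constructed findings by CVSS base score adjusted for asset criticality, network exposure, exploitability and PII, the context layers named above. The multiplier values, field names, asset names and finding IDs are all assumptions chosen for illustration.

```python
from typing import NamedTuple

# Illustrative multipliers (assumptions, not values from the study).
CRITICALITY = {"low": 0.5, "medium": 1.0, "high": 1.5}  # business impact
EXPOSURE = {"internal": 0.7, "external": 1.3}           # network reachability
EXPLOIT = {"none": 0.8, "poc": 1.1, "active": 1.5}      # threat-intel status
PII_FACTOR = 1.2                                        # asset stores PII

class Finding(NamedTuple):
    finding_id: str
    asset: str
    cvss: float        # CVSS base score, 0.0-10.0
    criticality: str
    exposure: str
    exploit: str
    holds_pii: bool = False

def contextual_score(f):
    """Scale the CVSS base score by the asset's business context."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.finding_id}: CVSS out of range: {f.cvss}")
    try:
        factor = CRITICALITY[f.criticality] * EXPOSURE[f.exposure] * EXPLOIT[f.exploit]
    except KeyError as exc:
        # Missing context must not silently deprioritize a finding.
        raise ValueError(f"{f.finding_id}: unknown context value {exc}") from exc
    return f.cvss * factor * (PII_FACTOR if f.holds_pii else 1.0)

def prioritize(findings):
    """Highest contextual score first; CVSS breaks ties."""
    return sorted(findings, key=lambda f: (contextual_score(f), f.cvss), reverse=True)

# Constructed sample findings (hypothetical assets and IDs).
FINDINGS = [
    Finding("F-1", "build-runner-07", 9.8, "low", "internal", "none"),
    Finding("F-2", "customer-portal", 7.5, "high", "external", "active", True),
    Finding("F-3", "hr-db-01", 6.5, "high", "internal", "poc", True),
    Finding("F-4", "marketing-site", 8.1, "medium", "external", "none"),
]

if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        print(f"{f.finding_id} {f.asset:16} cvss={f.cvss} ctx={contextual_score(f):.2f}")
```

With these inputs the CVSS 9.8 finding on an isolated, low-criticality host drops to last place, while the CVSS 7.5 finding on an internet-facing system holding PII with active exploitation moves to first.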
Continuous Threat Exposure Management (CTEM) is a proactive cybersecurity approach that combines vulnerability management, attack surface management and validation to identify, prioritize and fix security risks. Respondents were asked to rate the alignment between the CTEM framework and their asset and exposure management practices on a scale from 1 = not aligned to 10 = completely aligned. Fifty-two percent of respondents say their practices are very or completely aligned with CTEM (7+ on the 10-point scale).
One of the greatest constraints to SecOps’ ability to manage cyber assets and security exposures is complexity in the IT infrastructure. Sixty percent of respondents say reducing investments in security tools and the complexity of their organizations’ IT security infrastructure is very or highly important.
Only 28 percent of respondents say their organization has a formal SLA for all highly critical or critical vulnerabilities and 27 percent of respondents say there are no formal remediation timelines or SLAs. Vulnerability Remediation SLAs (Service Level Agreements) are defined timelines for fixing security flaws. These agreements set expectations, prioritize efforts, and improve collaboration between security and IT teams to reduce risk efficiently.
Part 2. Key findings
In this section, a deeper dive into the research is presented. The complete findings are shown in the Appendix. The report is organized according to the following topics.
- Discovering and tracking cybersecurity assets and exposures
- Prioritization of security exposures is a challenge
- Organizations’ approach to security exposure remediation practices
- Cyber asset and exposure management practices
Discovering and tracking cybersecurity assets and exposures
Consolidation of assets and sensitive data improves visibility into assets and sensitive data that are disclosed or left unprotected. Forty-five percent of respondents say their organization consolidates into a single view the assets and sensitive data that are disclosed or left unprotected and accessible to unauthorized individuals or systems.
A unified cybersecurity platform offers benefits like centralized visibility, faster threat detection and response, reduced complexity, lower costs, and simplified compliance by integrating diverse security tools into a single system, providing a holistic view, automating tasks, and streamlining management, leading to better security posture and operational efficiency.
Some 63 percent of these respondents say they have a unified platform that aggregates data from all sources. Fifty-eight percent of respondents use an internal script or a database/data lake that combines data from different tools.
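As an added illustration (not code from the study or from any vendor), the following shows what an internal script that combines data from different tools can look like: it merges constructed exports from a cloud inventory, a CMDB and an EDR agent list into one view, then reports conflicting values and assets that are missing a security control or a CMDB record. Source names, field names and hostnames are assumptions.

```python
from collections import defaultdict

# Constructed sample exports; source names and field names are assumptions.
SOURCES = {
    "cloud": [
        {"hostname": "WEB-01.corp.example", "owner": "web-team", "env": "prod"},
        {"hostname": "db-01", "owner": "data-team", "env": "prod"},
        {"hostname": "batch-09", "owner": "data-team", "env": "dev"},
    ],
    "cmdb": [
        {"hostname": "web-01", "owner": "platform", "env": "prod"},
        {"hostname": "db-01.corp.example", "owner": "data-team", "env": "prod"},
        {"hostname": "legacy-fs", "owner": "it-ops", "env": "prod"},
    ],
    "edr": [{"hostname": "web-01"}, {"hostname": "DB-01"}],
}

def asset_key(hostname):
    """Normalize names; assumes short hostnames are unique across domains."""
    return hostname.strip().lower().split(".")[0]

def consolidate(sources):
    """Merge per-source records into one view keyed by normalized hostname."""
    view = defaultdict(lambda: {"seen_in": set(), "fields": defaultdict(dict)})
    for source, records in sources.items():
        for rec in records:
            entry = view[asset_key(rec["hostname"])]
            entry["seen_in"].add(source)
            for field, value in rec.items():
                if field != "hostname":
                    entry["fields"][field][source] = value
    return view

def conflicts(view):
    """Fields whose value differs between sources, per asset."""
    found = {}
    for key, entry in view.items():
        bad = {f: dict(v) for f, v in entry["fields"].items() if len(set(v.values())) > 1}
        if bad:
            found[key] = bad
    return found

def absent_from(view, source):
    """Assets no record from `source` covers (no EDR agent, no CMDB entry)."""
    return sorted(k for k, e in view.items() if source not in e["seen_in"])

if __name__ == "__main__":
    v = consolidate(SOURCES)
    print(conflicts(v), absent_from(v, "edr"), absent_from(v, "cmdb"))
```

On the sample data this reports one ownership conflict for `web-01`, two assets without an EDR agent (`batch-09`, `legacy-fs`) and one cloud instance with no CMDB record (`batch-09`).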
To read the rest of these key findings and download the entire study, visit the Axonius website.
