Stretched IT security teams threaten to become overwhelmed by the number of assets they must defend, especially those in the cloud, according to JupiterOne.
The security vendor analyzed 370 million assets at nearly 1,300 organizations to compile its 2022 State of Cyber Assets Report.
These cyber assets could include cloud workloads, devices, network assets, applications, data assets, and users. The average security team is responsible for managing over 165,000 of these, the report warned.
That amounts to 500 cyber assets for every human employee, making automation a must for effective security.
Much of the challenge centers around the cloud, which accounted for 90% of device assets and 97% of security findings, according to the report. Although cloud network assets outnumber physical networks by nearly 60:1, analysis of 10 million security policies found that less than 30% were cloud specific.
Devices including hosts and agents outnumbered human staff by a ratio of 110:1, with the average sized team responsible for managing 32,190 devices.
Dynamic network architectures also represent an increasing challenge to security teams. The report claimed that static IP addresses now comprise less than 1% of network assets, with dynamic network interfaces accounting for 56%.
JupiterOne also warned of mounting supply chain risk exposure. Analysis of 20 million application assets found that just 9% were developed in-house, with 91% of code developed by third parties.
Cloud-native development, microservices and scale-out architecture have had a major impact on overworked, understaffed and under-skilled security teams, argued the vendor’s field security director, Jasmine Henry.
“Enterprise asset inventories have changed significantly, and for the first time in history, assets are not necessarily deployed by humans. The landscape demands new, automated approaches to attack surface management,” she added.
“The major cybersecurity headlines last year included some terrifying software supply chain vulnerabilities from enterprise sources like SolarWinds and open-source software like Log4j. In fact, software supply chain security became nearly unmanageable for security teams in 2021, and the state of cyber assets in 2022 shows why.”