Study on Web Security Security risk False alarm
Although the number of cyber attacks continues to rise, companies often turn off their security tools or run them in monitoring mode for fear of false alarms. These are the results of a recent study commissioned by the platform provider Fastly.
Companies on the topic
False alarms pose a security risk in companies.
(Picture: tetxu – stock.adobe.com)
With an average of eleven tools and two million euros, companies protect their web applications and APIs annually, according to the results of the study” The turning point in web applications and API Security ” of the Enterprise Strategy Group (ESG), which was carried out on behalf of the platform provider Fastly. Despite these investments, these tools often cause more problems than they solve, according to the study. As a result, the false positives generated by the security solutions are as big a problem as successful attacks on security. According to the study results, almost half of all security alerts are caused by harmless business activities. 75 Percent of companies spend at least as much time on them as they do on actual attacks.
According to ESG market researchers, the results of the study reveal the urgent need for a unified and simplified security concept. Companies surveyed have been exposed to an average of 60 successful attacks in the last twelve months. Despite these threats, 91 percent of them shut down their tools or left them running in logging or monitoring mode because they were afraid of false positives. 82 Percent of those who disabled tools did so less than a month after implementation. If false positives could be avoided, 92 percent of respondents would prefer to run their security tools in blocking mode.
Half of companies say web application and API security is more difficult than it was two years ago. The main reasons for this are the shift to public cloud services and API-centric applications. Sixty-four percent of companies expect most or all of their applications to use APIs in the next two years, and are concerned about vulnerabilities, malware, and data exfiltration targeting these endpoints. While 93 percent of respondents plan to use a consolidated security solution from a single provider, only 1 percent currently do so.
“One of the biggest security challenges we see today is that technologies are evolving rapidly to better serve the growing demand for digital offerings. However, the security solutions that protect these technologies do not experience the same change and often erode the benefits of modern technology stacks, ” says Kelly Shortridge, senior principal technologist at Fastly“ “Security tools should drive innovation, provide reliable support, and bring together threat intelligence, rather than slowing build cycles and producing disconnected data that cannot be responded to.“
About the study