According to the latest report by software intelligence company Dynatrace, the speed and complexity created by using multicloud environments, multiple coding languages, and open source software libraries allow more vulnerabilities into production. Despite the widespread use of robust, multi-layered security approaches, just 28% of CISOs are confident that applications have been thoroughly tested for vulnerabilities before going live in production.
This highlights the growing need for observability and security to converge so organizations have a more effective way of managing vulnerabilities at runtime, and the ability to detect and block attacks in real time.
A sample of findings from the research: 69% of CISOs say vulnerability management has become more difficult as the need to accelerate digital transformation has increased, and 75% of CISOs say that, despite having a robust, multi-layered security posture, persistent coverage gaps allow vulnerabilities into production.
More than three-quarters (79%) of CISOs say that automatic, continuous runtime vulnerability management is key to filling the gap in the capabilities of existing security solutions. However, just 4% of organizations have real-time visibility into runtime vulnerabilities in containerized production environments. The report said that only 25% of security teams can access a fully accurate, continuously updated report of every application and code library running in production in real time.
On average, organizations receive 2,027 alerts of potential application security vulnerabilities each month. Also, less than a third (32%) of the application security vulnerability alerts organizations receive each day require action, compared to 42% last year.