Gartner, Inc. | G00812073
Page 1 of 14
Innovation Insight: Automated Security Control
Assessment
29 August 2024 - ID G00812073 - 11 min read
By Analyst(s): Evgeny Mirolyubov
Initiatives:Infrastructure Security; Meet Daily Cybersecurity Needs; Security Operations
The complex web of security controls, skills gaps and rapidly
changing attack techniques compound the problem of maintaining
an optimal configuration of technical security controls. Security
and risk management leaders can improve their security posture
by automating security control assessments.
Overview
Key Findings
Misconfiguration of technical security controls is a persistent issue associated with
security breaches. Weak security defaults, configuration drift, tuning to reduce false
positives and evolving attack techniques lead to suboptimal deployments of
technical security controls.
■
Automated security control assessment (ASCA) technologies are not just for mature
security teams with multimillion dollar budgets. They are suitable for a wide range of
organizations to help address the risks of technical security control misconfiguration
and mismanagement.
■
Although adopting ASCA technology is beneficial, fully automating remediation can
be problematic. Excessive reliance on automation of security configuration changes
often leads to heightened risks of false positives.
■
This research note is restricted to the personal use of liuyang17@qianxin.com.
剩余13页未读,继续阅读
资源评论
