start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Close
Select Page

The HCL AppScan team recently presented a webinar titled, “Managing Application Security in a Global Enterprise: A CISO’s Perspective.” You can listen to the replay of the event here.

In the session, HCLSoftware CISO, Joe Rubino, and HCL AppScan VP, Dave Munson, discuss the following topics:

  • Keeping up with the pace of security change in a global organization.
  • Best practices to cope with “analyst fatigue” in a high-volume security environment.
  • Maintaining security controls in today’s “Work from Home” environment.
  • The impact of artificial intelligence technology on application security testing.

The purpose of my blog is to provide four key take-aways that relate to each of the topics that are presented in our webinar. We encourage you to listen to the replay to learn more.

Keep up with the pace of security change

Few application security statistics that I’ve come across are more compelling than this one: A recent compiled report by TechBeacon found that 92% of web applications contained security vulnerabilities that could potentially be exploited.

Separately, the report found that it took organizations an average of 38 days to patch web application vulnerabilities regardless of their severity, despite the fact that 86% of vulnerabilities had a patch available within 24 hours of disclosure. We can infer from those findings that security teams are having a challenging time keeping up with the rapid pace of change.

Take-Away #1:

The pace of change is only going to become faster. Your organization needs to enact best practices to adapt to the rapid pace of security change.

Cope with analyst fatigue

Analyst fatigue has officially become a “thing.” A recent survey published in Healthcare IT News found that more than 80% of security analysts reported that their Security Operations Centers (SOCs) had experienced analyst churn between 10% and 50% in the previous year.

Even further, 70% of respondents reported that they were required to investigate more than ten alerts per day, up from 45% the year before. And, only 41% of respondents stated that their chief responsibility was to analyze and remediate security threats, compared to 70% the year before.

Take-Away #2:

Your people are your most valuable resource, and you need to adopt strategies to cope with analyst fatigue so that you can retain and empower them.

Adapt to a “Work from Home”  environment

In an April 2020 working paper, an academic team led by MIT professor Erik Brynjolfsson found that nearly half of survey respondents were working from home as a result of the COVID-19 pandemic. In particular, the percentage of workers who had switched to working from home instead of commuting to an office represented roughly 34% of respondents at that time. In addition, about 15% of respondents reported that they had been working from home prior to the COVID-19 pandemic and continued to do so. The shift is so remarkable that the New York times published a June 2020 article titled, “What if Working from Home Goes on…Forever?”

Take-Away #3:

Your software development process is likely to involve a remote workforce for the foreseeable future, so you need to be able to maintain productivity and security in the new environment.

Empower Application Security with AI technology

In the “Healthcare IT News” study that I referred to in Section #1 above, more than half of respondents reported that they had to wade through false-positive findings that represented 50% or more of their total findings. Imagine that- Not only was true-positive alert volume increasing, but false-positive volume was increasing as well!

Artificial Intelligence/ Machine Learning technology, such as HCL AppScan’s Intelligent Finding Analytics (IFA) capability, can help to reduce false positive findings and noise by more than 90%. You can learn more about IFA in our brief YouTube video.

Video image
 

Take-Away #4:

The Machine Learning space is constantly evolving, and you need to implement technology that best suits your specialized needs. Artificial Intelligence/ Machine Learning technology can help your organization to focus on the vulnerabilities that matter most, while improving your SOC team’s productivity.

Listen to our webinar replay

You can learn more about each of the take-aways above, by listening to our webinar recording. We look forward to your participation!

 

Comment wrap

Start a Conversation with Us

We’re here to help you find the right solutions and support you in achieving your business goals.

  |  December 23, 2024
Transforming Application Security Testing with Developer-Centric DAST
Empower developers to find and fix vulnerabilities early with developer-centric DAST. Learn how this approach can improve your application security testing.
  |  October 29, 2024
HCL AppScan 360º v1.4.0: Redefining AppSec with Powerful New Features
Explore HCL AppScan 360º v1.4.0 with VM installation, GitHub integration, GenAI AutoFix, and enhanced DAST/SAST features for seamless security management.
  |  October 28, 2024
DAST and SCA Capabilities: Latest Updates in HCL AppScan on Cloud
Discover the latest DAST, SCA, and integration updates in HCL AppScan on Cloud, enhancing application security and streamlining development workflows.