Report: Security teams take an average of 6 days to resolve alerts

Today, Palo Alto Networks published the Unit 42 Cloud Threat Report Volume 7, which examined over 1,300 organizations and analyzed workloads for 210,000 cloud accounts, subscriptions, and projects across all CSPs. The analysis revealed that security Teams take an average of 145 hours (about six days) to resolve a single security alert.

Research indicates that most security teams are unable to process alerts at the speed they need to protect their organizations from threat actors.

“Organizations need to be as fast as the attackers they are defending against. Typically, Unit 42 sees attackers exploiting newly disclosed vulnerabilities within hours or even minutes. Resolving security alerts with speed and urgency is critical for organizations, and there is technology that, if configured correctly, will also help reduce alert noise,” said Jay Chen, Cloud Security Researcher, Prisma Cloud and Unit 42 at Palo Alto Networks.

Either way, the report points out that many security teams make the same mistakes, leading to alerts being generated. For example, 80% of alerts are triggered by just 5% of security rules in most enterprise cloud environments.

Lack of MFA is a common security weakness

The report also revealed that most organizations do not enforce multi-factor authentication (MFA) among cloud users, 76% of enterprises not implementing MFA for users who can log in to the cloud management web portal on the public internet and 58% not implementing MFA for root/admin users.

This is a serious oversight given that if any of these privileged identities were accessed by an attacker, the entire cloud infrastructure could be compromised.

Importantly, research from Palo Alto Networks suggests organizations need to improve user access controls in the cloud and find new ways to streamline alert resolution to survive in today’s threat landscape.