ASPM Spotlight
Volume 1, Issue 1 | January 10, 2024
Happy New Year!
Welcome to Cycode's first ASPM Spotlight newsletter of 2024! We are excited to kick off the new year with a biweekly newsletter that shines a light on all things related to Application Security Posture Management (ASPM).
Application Security Posture Management is a promising new application security platform designed to address the many shortcomings of traditional AppSec point solutions. Among its many features, ASPM promises full visibility from code to cloud, enhanced risk scoring and prioritization, and automated remediation. ASPM breaks down the silos between security and development, promoting a culture of collaboration in which security is a team sport.
In today’s edition of ASPM Spotlight, we are diving deep into one of many insights from our State of ASPM 2024 report.
Insight: AppSec Chaos Reigns Over Today’s Attack Surface
As applications and development ecosystems grow more complex, securing them becomes more challenging. The following are some of the major obstacles we see in application security today:
All these factors combined have created a perfect storm that we call AppSec Chaos.
Based on data from Cycode’s State of ASPM 2024 report, we have identified a growing general feeling of unease among Application Security teams when it comes to attack surfaces. The majority of AppSec teams (71%) feel that today’s attack surface is unmanageable. Only 14% of those surveyed felt that modern attack surfaces were manageable. This indicates that many security teams feel unable to effectively address the different threats and attack vectors required to lock down their applications.
CISOs, in particular, expressed a high level of concern about managing attack surfaces. According to our research, almost 4 in 5 (78%) CISOs surveyed stated that today’s attack surface is unmanageable. By contrast, just over 3 in 5 (61%) DevSecOps Directors surveyed felt the same. The high level of concern on behalf of CISOs may be partially attributed to the shift in liability to CISOs and other security executives when data breaches occur. Increasingly, regulators and prosecutors have been charging CISOs with violating cybersecurity and privacy rules.
The research for the State of ASPM also segmented data by industry. The Travel (90%), Retail (85%) and Finance (82%) sectors expressed the highest levels of concern over managing ever-increasing attack surfaces.
Interestingly, the larger the AppSec team, the more likely they were concerned about attack surfaces. Teams with 6-10 employees said the attack surface was unmanageable 77% of the time versus 62% of teams with 2-3 employees. This is likely due in part to larger AppSec teams being responsible for larger engineering teams, more security tooling, and more complex environments.
In our next newsletter, we’ll take an in-depth look at the impact of tool sprawl.
ASPM Nation
Cycode is pleased to announce ASPM Nation, our upcoming virtual summit on February 29, 2024 from 11-2pm ET.
Cybersecurity and AppSec leaders are coming together for the inaugural ASPM Nation event to discover the most innovative strategies for developing secure applications fast without compromising security. This exclusive event is a space to discuss security challenges in application development, how to manage emerging threats and technical complexity, plus predictions for the future of secure software development.
Immerse yourself in a morning of practical insights, gain valuable strategies from our renowned speakers, and build connections with peers who share your passion for developing a more secure and innovative future.
Additional Resources
Interested in learning more? Check out the following resources:
Cycode Blogs:
Subscribe Today
Subscribe to our newsletter today and follow us on LinkedIn to be the first to receive insights from our State of ASPM 2024 report and upcoming research straight to your inbox. By subscribing, you’ll gain insider knowledge on ASPM and the latest on developer security trends to ensure you are always up to date on how to effectively reduce your organization’s AppSec risk.