6 surprising findings from the CSA State of Security Remediation Report

Julie O’Brien




The Cloud Security Alliance (CSA) released a new report providing insight into the challenges that security engineers and CISOs are facing in their remediation operations. Here are 6 key takeaways from their survey of 2,000+ practitioners.

As more companies shift left and embrace hybrid cloud operations, the need for security visibility across the entire code-to-cloud environment is critical for staying on top of vulnerabilities and reducing exposure.

At Dazz, our mission is to make remediation a no-brainer for security and developer teams by unifying visibility across all detection tools, code, clouds, applications, and infrastructure. We prioritize issues coming from the entire environment and make them actionable, at root causes, so customers can speed up the time it takes to fix them and report on their SLAs.

The CSA State of Security Remediation survey validates the challenges that we know organizations are facing, as well as what’s needed to solve them.

This post highlights six main findings observed from the CSA survey. I encourage you to read the full report and benchmark your own remediation operations.

Among the survey’s key findings:

Finding 1:

A significant concern exists regarding the prevalence of vulnerabilities in code and their tendency to recur. This finding highlighted a pattern of quick-fix approaches rather than sustainable, long-term solutions. A substantial 38% of respondents estimated that between 21% and 40% of their code contains vulnerabilities; 19% noted that 41-60% of their code contains vulnerabilities, and 13% identified vulnerabilities in 61-80% of their code. Compounding this issue was the finding that over half of the vulnerabilities addressed by organizations tend to recur within a month of remediation.

What percentage of your code do you estimate contains problems or vulnerabilities that could impact security or functionality?

Finding 2:

Many organizations are struggling to achieve visibility in their cloud environments.  Only 23% of organizations reported full visibility with 77% experiencing less-than-optimal transparency, strongly suggesting that the complexity of these environments—particularly with the integration of containers and serverless architectures—poses significant challenges.

Visibility in the code-to-cloud environment

Finding 3:

False positives and duplicate alerts pose significant challenges. Sixty-three percent of organizations consider duplicate alerts a moderate to significant challenge, while 60% view false positives similarly, highlighting the inefficiencies and drawbacks of too much data coming at security teams. The high rate of organizations struggling with this could be attributed to overlapping functionalities among tools, or a lack of refined integration and fine-tuning, leading to alert fatigue, prioritization challenges and, ultimately, slower incident response times.

Difficulty posed by false positives and duplicate alerts

Finding 4:

The proliferation of security tooling is creating complexities. The escalating trend of alert overload is a significant challenge facing organizations. With 61% of organizations using between three and six different detection tools and 45% planning to increase their security tooling budget in the coming year (indicating that more are likely to be introduced), the landscape is becoming increasingly complex. This proliferation of tools, while enhancing security coverage, also leads to a surge in alerts, including a high volume of false positives.

How many security scanning or detection tools do you use in your cloud environment?

Finding 5:

Significant room for improvement exists in the remediation process. Seventy-five percent of organizations reported their security teams spend over 20% of their time performing manual tasks when addressing security alerts, despite 83% reporting they use at least some automation in their remediation process.

Time spent on manual tasks

Finding 6:

Slow response times to vulnerabilities indicate potential gaps in prioritization and response strategies. Eighteen percent of organizations reported taking more than 4 days to address critical vulnerabilities, with 3% exceeding two weeks. This slow response may result in prolonged risk periods, increasing the likelihood that companies will become the victim of a breach.

SLAs for critical security vulnerabilities

These findings emphasize several important areas of improvement in the cybersecurity remediation process. As cybersecurity threats evolve, organizations must adapt by seeking better visibility into their code-to-cloud environment, identifying ways to accelerate remediation, strengthening organizational collaboration, and streamlining processes to counter risks effectively.

Here are some additional resources that you might enjoy:
Assistive vs Automatic Remediation: What to Consider
A CISO’s Guide to AI for Cloud Security Remediation

See Dazz for  yourself.

Get a demo