Report: Security teams take an average of 6 days to resolve alerts 

Today, Palo Alto Networks released the Unit 42 Cloud Threat Report Volume 7, which examined over 1,300 organizations and analyzed the workloads in 210,000 cloud accounts, subscriptions and projects across CSPs. The analysis found that security teams take an average of 145 hours — approximately six days — to resolve a single security alert. 

The research indicates that most security teams aren’t able to process alerts at the speed they need to protect their organizations against threat actors. 

“Organizations need to be as fast as the attackers they’re defending against. Typically, Unit 42 sees attackers exploiting newly disclosed vulnerabilities within a few hours — if not minutes. Resolving security alerts with speed and urgency is critical for organizations, and there’s technology that if configured properly, will help cut down the alert noise as well,” said Jay Chen, cloud security researcher, Prisma Cloud and Unit 42 at Palo Alto Networks. 

In any case, the report highlights that many security teams are making the same mistakes, which are leading to alert generation. For instance, 80% of alerts are triggered by just 5% of security rules in most organizations’ cloud environments.

Lack of MFA a common security weakness

The report also revealed that most organizations were failing to enforce multifactor authentication (MFA) among cloud users, with 76% of enterprises not implementing MFA for users who can log in to the cloud management web portal on the public internet and 58% not enforcing MFA for root/admin users. 

This is a serious oversight given that if any of these privileged identities were accessed by an attacker, the entire cloud infrastructure would be at risk of compromise.

Above all, the Palo Alto Networks research suggests that organizations need to enhance user access controls in the cloud and find new ways to streamline alert resolution to survive in the current threat landscape.