“A big part of that drop came on the back of a 12-point decline in risk assessment capabilities. As a part of the assurance report, security practitioners were asked about their risk assessment capabilities in 11 key areas, including cloud environments, endpoints, and Web servers. Most areas achieved no better than mediocre scores, with the worst performances in emerging categories like containerization and DevOps environments, which received failing grades.
‘Today’s network is constantly changing — mobile devices, cloud, IoT, Web apps, containers, virtual machines — and the data indicate that a lot of organizations lack the visibility they need to feel confident in their security posture,’ says Cris Thomas, strategist, Tenable Network Security. ‘It’s pretty clear that newer technologies like DevOps and containers contributed to driving the overall score down, but the real story isn’t just one or two things that need improvement, it’s that everything needs improvement.'”