58% of enterprises say that detecting vulnerabilities is getting more difficult as their attack surface increases in complexity, size and rate of change, according to a survey by security testing platform Synack. The survey, led by TechTarget’s Enterprise Strategy Group (ESG), shows challenges in scaling penetration testing to meet the needs of large enterprises.
The report commissioned by Synack leverages insights from 200 technical decision-makers at U.S. organizations with at least 1,000 employees. Half of the survey respondents reported it was more difficult to manage their attack surface today than it was a year ago, whether because of third-party risk, data complexity or increasing attacker sophistication.
Other highlights of the report include:
- Organizations reported pentesting currently covers only 47% of business-critical apps.
- 60% of respondents reported finding it difficult to test frequently enough to keep up with the pace of application development, with three in four saying it’s likely they will consider platform-based testing solutions like Penetration Testing as a Service (PTaaS).
- 65% recognize that traditional pentesting is not a viable approach to cover their attack surface.
“Point-in-time pentests have been a staple of security programs for so long, it can be hard to move to a continuous approach,” said Dr. Mark Kuhr, Synack CTO and co-founder. “This survey shows security teams are aware of PTaaS’s potential to accelerate business transformation and keep pace with modern software development, even though few have made the leap.”
Only 32% of respondents said they use pentesting to improve overall security strategies and posture. Most reported using pentesting either for compliance or to achieve tactical objectives like finding and fixing vulnerabilities.