Security hygiene and posture management has become increasingly difficult because of factors like a growing attack surface, the increased use of cloud computing, and the need to support a remote workforce. These factors can create security vulnerabilities that lead directly to cyber-attacks. Indeed, a majority of organizations have experienced at least one cyber-incident due to the exploitation of an unknown, unmanaged, or poorly managed internet-facing asset. Unfortunately, this pattern will likely persist as most organizations continue to approach security hygiene and posture management with point tools, spreadsheets, and manual processes. Organizations are prioritizing spending on security hygiene and posture management, focusing on areas like continuous security testing, process automation, and increasing staff. Security professionals also aspire to consolidate disparate point tools into a security observability, prioritization, and validation (SOPV) architecture to gain a holistic perspective across all aspects of security hygiene and posture management.

TechTarget’s Enterprise Strategy Group (ESG) surveyed 383 IT and cybersecurity professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management, including vulnerability management, asset management, attack surface management, and security testing tools, among others.