Combining cloud security posture management with threat intelligence can address the top five invisible threats of cloud computing.

As companies migrate and expand their applications and services to multi-cloud environments, security teams face growing challenges, ranging from corporate policies and budget constraints to compliance fines and new threats of attack.

Threats to cloud data security can come from many areas, both internal and external, ranging from valid users misusing data to bad actors attempting to use stolen credentials.

While threats and data theft remain ubiquitous, attacker tactics are constantly adapting. Researchers from Check Point Software have compiled the top five cloud-native security challenges here and offer general mitigation strategies for consideration.

  • Lack of visibility

    You cannot protect what you cannot see! Compared with on-premises environments, moving to the cloud can result in a severe loss of security and compliance insight. Public cloud environments demand the ability to see and control assets that live in someone else’s physical space, and under the shared responsibility model the customer remains responsible for securing its own data, configurations and traffic flows.

    Adding to the complexity is the ever-changing nature of cloud resources and the difficulty of keeping track of them. Cloud-native technologies such as serverless raise new challenges as they grow in scale. Serverless apps often comprise hundreds of functions, and as the application matures, keeping track of every function, the data it handles and the services that access that data becomes unwieldy.

    This is why assets must be discovered automatically as soon as they are created, and every change tracked until the resource no longer exists.

    • Gain visibility into context

      Housing this historical data is not enough: data means nothing without the proper context. Context is vital to improving risk identification. Adding context to application security reduces both false negatives and false positives, which also helps reduce alert fatigue. For example, a given activity can be a suspicious anomaly in one situation and entirely innocuous in another. Viewing requests ‘with context’ helps to detect malicious activity more effectively.

      Cloud-native security must understand normal use as well as users’ intent in order to detect malicious use more accurately. To adequately understand normal use, security solutions should use machine learning to build a comprehensive profile of what constitutes normal use. Such profiles allow a solution to automatically identify deviations and alert on suspicious activity. The legacy approach of, for example, constantly tuning web application firewall rules by hand does not scale.

    • Gain high-fidelity visibility

      There is visibility, and then there is deep, real-time, investigative, centralized visibility. To achieve the latter, a solution must integrate via APIs with all the environments and entities that make up the infrastructure. This makes it possible to aggregate and analyze the various monitoring data streams, such as account logs and account activity, to deliver true situational awareness: real-time insight into every data flow and audit trail.

  • Diverse threats

    As cybersecurity pros innovate, so do attackers. Different attack types, such as account takeovers, can be executed using a variety of tactics, such as phishing, brute force botnet attacks, purchasing user credentials from the dark web, and even digging through discarded trash for personal information.

    This creativity of attack requires creativity on the part of security professionals. A diverse threat landscape requires a diverse approach to defense. If attackers are digging tunnels beneath walls, drilling holes in the roof, breaking windows, and calling you on the phone to trick you into opening the front door, you need to fortify defenses against all of these attacks.

    Cloud forensics and investigation become costly and ineffective when there is too much security data to analyze, making it nearly impossible to separate true security alerts from irrelevant ones. Collecting and interpreting data from day-to-day cloud operations before any incident occurs is critical: that telemetry is often exactly what a later investigation needs.

    Organizations migrating to the cloud must understand the importance of data analysis, intrusion detection and threat intelligence for protecting sensitive data and preventing threats. Cloud intelligence tools can analyze events in the cloud environment and provide account-activity insights through machine learning and threat research. Look for solutions that let you filter results, drill down for more information, troubleshoot with queries, and customize alert notifications.

    Rule sets should take into account MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations; its Enterprise matrix groups techniques into 14 tactics. For example, lateral movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective requires exploring the network to find their target and then gaining access to it, which often involves pivoting through multiple systems and accounts.

    Mitigating lateral movement requires broad visibility across accounts and workloads so that such attacks are detected before they reach their primary objective.

  • Inability to enforce consistent policies

    Today’s cloud-native environments consist of a variety of tools from numerous vendors, making it difficult to centralize security policies and apply them consistently.

    The Enterprise Strategy Group states: “In addition to increasing cost and complexity, the use of environment-specific cybersecurity controls contributes to an inability to implement centralized policies.” ESG’s research has revealed “a clear preference moving forward for integrated platforms to enable a centralized approach to securing heterogeneous cloud-native applications deployed across distributed clouds.”

    In a multi-cloud or hybrid infrastructure, it is very difficult to make disparate tools deliver the actionable end-to-end visibility that effective cloud security posture management requires. Look for a solution that covers your entire cloud infrastructure, bringing in all CSPs and unifying and automating rulesets, policies, alerts and remediation.

  • Cloud misconfiguration

    Misconfiguration occurs when a cloud-related system, tool, or asset is not configured properly, endangering the system and exposing it to attack or data leakage. According to the surveys the authors cite, the highest-ranking cloud threat is misconfiguration, with around 68% of companies citing it as their greatest concern, followed by unauthorized access (58%). One of the most common cloud misconfigurations cited in studies is “Default or no password for access to management console.”

  • Slow security processes

    Key advantages of cloud computing are flexibility, agility and speed. Organizations need continuous compliance and security that keeps up with high-velocity CI/CD pipelines, ephemeral workloads, and the highly elastic nature of public cloud infrastructure.

    In their attempt to implement the most secure policies, many organizations make the mistake of placing security ahead of efficiency and speed. This will never work if developers are hindered and bogged down while trying to release new software and updates.

    By shifting left, organizations can build automated security checks into the earliest stages of the software supply chain (code, build and deployment pipelines) instead of bolting them on after release.
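
The context-aware, ATT&CK-tagged detection described in the “Gain visibility into context” and “Diverse threats” sections above, as an added example that is not Check Point’s code or any product’s rule engine. It runs over a constructed set of CloudTrail-like audit events (not real logs): a learning period builds a per-principal baseline of source IPs, regions and accounts reached via AssumeRole, and three rules then flag deviations. The event shape, principal names, IPs, thresholds and the choice of a set-based baseline in place of machine learning are all assumptions; the technique IDs are the MITRE ATT&CK Enterprise identifiers for password guessing (T1110.001), cloud accounts (T1078.004) and cloud services used for lateral movement (T1021.007).

```python
"""Added example (not Check Point's code): context-aware detection rules over
constructed cloud audit events, each tagged with a MITRE ATT&CK technique.
Event shape, names, IPs and thresholds are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a CloudTrail-like shape; not real log data.
# The first days establish each principal's baseline ("normal use").
BASELINE = [
    {"time": "2024-03-01T09:00:00", "principal": "alice", "event": "ConsoleLogin",
     "ip": "203.0.113.10", "region": "eu-west-1", "ok": True},
    {"time": "2024-03-01T09:05:00", "principal": "alice", "event": "DescribeInstances",
     "ip": "203.0.113.10", "region": "eu-west-1", "ok": True},
    {"time": "2024-03-02T09:01:00", "principal": "alice", "event": "ConsoleLogin",
     "ip": "203.0.113.11", "region": "eu-west-1", "ok": True},
    {"time": "2024-03-01T10:00:00", "principal": "bob", "event": "ConsoleLogin",
     "ip": "198.51.100.7", "region": "us-east-1", "ok": True},
    {"time": "2024-03-01T10:02:00", "principal": "bob", "event": "AssumeRole",
     "ip": "198.51.100.7", "region": "us-east-1", "ok": True, "account": "222222222222"},
]
# Monitoring period: five failed logins from one IP, a success from that IP, then a
# pivot into an account alice has never used. bob does the same AssumeRole, but it
# lies inside his baseline, so the same action is innocuous in his context.
FAILED_LOGINS = [
    {"time": f"2024-03-10T03:0{m}:00", "principal": "alice", "event": "ConsoleLogin",
     "ip": "192.0.2.50", "region": "eu-west-1", "ok": False}
    for m in range(5)
]
MONITOR = FAILED_LOGINS + [
    {"time": "2024-03-10T03:06:00", "principal": "alice", "event": "ConsoleLogin",
     "ip": "192.0.2.50", "region": "eu-west-1", "ok": True},
    {"time": "2024-03-10T03:08:00", "principal": "alice", "event": "AssumeRole",
     "ip": "192.0.2.50", "region": "us-east-1", "ok": True, "account": "222222222222"},
    {"time": "2024-03-10T10:00:00", "principal": "bob", "event": "AssumeRole",
     "ip": "198.51.100.7", "region": "us-east-1", "ok": True, "account": "222222222222"},
]


def build_profiles(events):
    """Per-principal profile of successful activity. A product would learn this
    with ML; a set-based baseline is enough to show why context matters."""
    profiles = defaultdict(lambda: {"ips": set(), "regions": set(), "accounts": set()})
    for e in events:
        if not e["ok"]:
            continue
        p = profiles[e["principal"]]
        p["ips"].add(e["ip"])
        p["regions"].add(e["region"])
        if e["event"] == "AssumeRole":
            p["accounts"].add(e["account"])
    return profiles


def detect(events, profiles, max_failures=5, window=timedelta(minutes=5)):
    """Return (technique_id, principal, time, reason) alerts in time order."""
    alerts = []
    failures = defaultdict(list)  # source IP -> timestamps of failed console logins
    for e in sorted(events, key=lambda x: x["time"]):
        t = datetime.fromisoformat(e["time"])
        if e["event"] == "ConsoleLogin" and not e["ok"]:
            recent = [x for x in failures[e["ip"]] if t - x <= window] + [t]
            failures[e["ip"]] = recent
            if len(recent) == max_failures:  # T1110.001 Brute Force: Password Guessing
                alerts.append(("T1110.001", e["principal"], e["time"],
                               f"{max_failures} failed console logins from {e['ip']} in {window}"))
            continue
        prof = profiles.get(e["principal"])
        if prof is None:
            continue  # no baseline yet; a real deployment would queue this for review
        if e["event"] == "ConsoleLogin" and e["ip"] not in prof["ips"]:
            # T1078.004 Valid Accounts: Cloud Accounts. A real login, but out of context.
            alerts.append(("T1078.004", e["principal"], e["time"],
                           f"console login from {e['ip']} outside this principal's baseline"))
        if e["event"] == "AssumeRole" and e["account"] not in prof["accounts"]:
            # T1021.007 Remote Services: Cloud Services. Pivot into a never-used account.
            alerts.append(("T1021.007", e["principal"], e["time"],
                           f"AssumeRole into account {e['account']} never seen for this principal"))
    return alerts


def run():
    return detect(MONITOR, build_profiles(BASELINE))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Running it yields three alerts, all for alice: the brute-force rule fires on the fifth failure, the following successful login is flagged because the IP is outside her baseline, and the AssumeRole is flagged as a pivot into an account she has never touched. bob’s identical AssumeRole produces nothing, which is the point of the context rules in the text: the same API call is an anomaly for one principal and routine for another.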

Using CSPM and threat intelligence
Cloud Security Posture Management (CSPM) tools can automate security management across diverse infrastructure, including IaaS, SaaS, and PaaS.

These tools empower companies to identify and remediate risks through security assessments and automated compliance monitoring. CSPM can automate governance across multi-cloud assets and services including visualization and assessment of security posture, misconfiguration detection, and enforcement of security best practices and compliance frameworks.
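
A minimal CSPM-style assessment of the kind described above and in the “Cloud misconfiguration” section, as an added example that is not Check Point’s or any vendor’s code. It runs posture checks over a constructed multi-cloud inventory snapshot (the sort of data a CSPM tool collects through each CSP’s API), including the “default or no password on the management console” case the text calls out, then auto-remediates the findings that are safe to fix by code and hands the rest to a human. Rule IDs, severities, the asset shapes, the weak-password list and the admin-port list are all assumptions made for the example.

```python
"""Added example (not Check Point's or any vendor's code): a small CSPM-style
posture assessment with automated remediation over a constructed inventory.
Rule IDs, severities, asset shapes and the weak-password list are assumptions."""
from copy import deepcopy
from dataclasses import dataclass

# Constructed inventory snapshot: what a CSPM tool would pull from each CSP's API.
INVENTORY = [
    {"type": "management_console", "id": "mgmt-01", "provider": "aws",
     "password": "admin", "mfa": False},
    {"type": "management_console", "id": "mgmt-02", "provider": "azure",
     "password": "c0rrect-h0rse-b4ttery", "mfa": True},
    {"type": "storage_bucket", "id": "customer-exports", "provider": "aws",
     "public": True, "encrypted": False},
    {"type": "storage_bucket", "id": "build-artifacts", "provider": "gcp",
     "public": False, "encrypted": True},
    {"type": "security_group", "id": "sg-web", "provider": "aws",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}, {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"type": "security_group", "id": "sg-db", "provider": "aws",
     "ingress": [{"port": 5432, "cidr": "10.0.0.0/8"}]},
]

WEAK_PASSWORDS = {"", "admin", "password", "changeme", "123456"}  # illustrative defaults
ADMIN_PORTS = {22, 3389, 5432, 3306}  # SSH, RDP, PostgreSQL, MySQL: never world-reachable
WORLD = "0.0.0.0/0"


@dataclass(frozen=True)
class Finding:
    rule: str
    asset: str
    severity: str
    detail: str
    auto_fix: bool  # True when remediation is a safe config change; False needs a human


def check_console(a):
    out = []
    if a.get("password", "") in WEAK_PASSWORDS:
        out.append(Finding("CONSOLE-001", a["id"], "critical",
                           "default or empty password on management console", False))
    if not a.get("mfa"):
        out.append(Finding("CONSOLE-002", a["id"], "high",
                           "MFA not enforced on management console", False))
    return out


def check_bucket(a):
    out = []
    if a.get("public"):
        out.append(Finding("STORAGE-001", a["id"], "critical", "bucket readable by anyone", True))
    if not a.get("encrypted"):
        out.append(Finding("STORAGE-002", a["id"], "medium", "bucket not encrypted at rest", True))
    return out


def check_security_group(a):
    # Port 443 open to the world is normal for a web tier; admin ports are not.
    return [Finding("NET-001", a["id"], "high", f"port {r['port']} open to {WORLD}", True)
            for r in a["ingress"] if r["cidr"] == WORLD and r["port"] in ADMIN_PORTS]


CHECKS = {"management_console": check_console,
          "storage_bucket": check_bucket,
          "security_group": check_security_group}


def assess(inventory):
    """Run every applicable check over every asset, regardless of provider."""
    return [f for a in inventory for f in CHECKS.get(a["type"], lambda _a: [])(a)]


def remediate(inventory, findings):
    """Apply auto-fixable findings to a copy of the inventory.
    Returns (fixed_inventory, findings_that_still_need_manual_action)."""
    fixed = deepcopy(inventory)
    by_id = {a["id"]: a for a in fixed}
    manual = []
    for f in findings:
        a = by_id[f.asset]
        if not f.auto_fix:
            manual.append(f)  # e.g. rotating a console password is a human decision
        elif f.rule == "STORAGE-001":
            a["public"] = False
        elif f.rule == "STORAGE-002":
            a["encrypted"] = True
        elif f.rule == "NET-001":
            a["ingress"] = [r for r in a["ingress"]
                            if not (r["cidr"] == WORLD and r["port"] in ADMIN_PORTS)]
    return fixed, manual


if __name__ == "__main__":
    findings = assess(INVENTORY)
    fixed, manual = remediate(INVENTORY, findings)
    print(f"{len(findings)} findings, {len(assess(fixed))} remain after auto-remediation")
    for f in manual:
        print("manual:", f.rule, f.asset, f.detail)
```

On the constructed snapshot the first pass returns five findings across three providers; re-running the assessment on the remediated copy leaves only the two management-console findings, which are deliberately not auto-fixed because changing an administrator’s credential or MFA enrolment needs a person in the loop. Rerunning `assess` after `remediate` is the continuous-compliance check: the posture is verified from the inventory, not assumed from the fact that a fix was attempted.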

Disparate cloud security solutions can themselves introduce security gaps and leave teams without visibility or end-to-end context around risk. The task is only getting harder as both cloud sprawl and the velocity of agile software deployment increase.

The answer is unified security that works at scale and moves at the speed of the cloud. Meeting the challenge of securing modern multi-cloud infrastructures requires shifting security left while also automating it.