Cloud Native Security Posture Management and Threat Intelligence
By Lothar Geuenich, Regional Director Central Europe at Check Point Software Technologies GmbH
As data mobility increases and multi-cloud environments expand, IT teams face a number of challenges. It is difficult to implement uniform guidelines and meet legal requirements. In addition, teams are constrained by insufficient budgets and the shortage of skilled workers in the industry.
Meanwhile, the threat landscape remains agile and constantly adapts. Which mistakes are made most often, and how can they be dealt with?
Lack of visibility
Compared to on-premises environments, there is a significant lack of visibility into security and compliance when moving to the cloud. Public cloud environments require the ability to see and control resources located in another physical space. In the shared security responsibility model, the public cloud customer is responsible for securing their data and data streams. The complexity is further increased by constantly changing cloud resources. Cloud-native technologies, such as serverless applications, bring new challenges as they grow in scale. Serverless applications, in particular, often consist of hundreds of functions, which makes managing all this data and these services very unwieldy.
The visibility of the corresponding context is also important. Storing the data alone is not enough, as context is crucial for better risk detection. By including context in application security, both false negatives and false positives are reduced. An activity can be a suspicious irregularity in one situation and completely harmless in another. Viewing requests in context helps detect malicious activity more effectively.
A cloud security management system must understand the intent of users to detect malicious use more accurately. Security solutions should use machine learning to create a comprehensive profile of normal usage. Such profiles allow a solution to automatically detect deviations and warn of suspicious activity. The traditional approach, in which, for example, web application firewalls (WAFs) are constantly adjusted manually, does not work.
Today’s cloud-native environments consist of a variety of tools from numerous vendors, making it difficult to centralize and uniformly apply security policies.
Surveys conducted by the Enterprise Strategy Group (ESG) have shown that the use of environment-specific cybersecurity controls not only increases costs and complexity, but also contributes to the inability to implement centralized policies. There is a clear preference for integrated platforms that enable a centralized approach to securing heterogeneous cloud-native applications.
In a multi-cloud/hybrid infrastructure, it is very difficult to leverage disparate tools to get the actionable end-to-end visibility that is essential for effective cloud security posture management. Look for a solution that can streamline your entire cloud infrastructure by including all Cloud Solution Providers (CSPs) and unifying and automating rulesets, policies, alerts, and remediation.
A misconfiguration is when a cloud-related system, tool, or asset is improperly configured, putting the system at risk and exposing it to a potential attack or data leak. According to the 2020 Cloud Security Report, the biggest cloud threat was misconfiguration, which 68 percent of organizations said was their biggest concern (compared to 62 percent last year). This threat was followed by unauthorized access (58 percent). To further substantiate this statistic, ESG asked participants about the ten most common cloud misconfigurations in the last twelve months. At the top of the list, a whopping 30 percent of respondents said that the password to access the management console is preset or missing.
While common sense alone should guarantee that no company uses default or obvious passwords, or no password at all, ensuring proper configuration across the cloud infrastructure is a little more complex. Cloud Posture Management provides automatic remediation that ensures all systems are configured correctly at all times.
Slow security processes
Among the great benefits of cloud computing are flexibility, agility and speed. Organizations need continuous compliance and security that can keep pace with the highly elastic nature of public cloud infrastructure.
In their attempt to implement the safest policies, many companies make the mistake of putting security above efficiency and speed. This will never work if developers are hampered and delayed in releasing new software and updates. By testing software and systems beforehand, organizations can implement and automate security in the software supply chain.
Cloud Native Security Posture Management and Threat Intelligence Solutions
To keep track of all this, Cloud Security Posture Management (CSPM) tools, which can automate security management across different infrastructures, including IaaS, SaaS, and PaaS, are a significant relief. CSPM tools enable organizations to identify and address risks through security assessments and automated compliance monitoring. CSPM can automate the management of multi-cloud resources and services, including security posture visualization and assessment, misconfiguration detection, and enforcement of security best practices and compliance frameworks.
While enterprises benefit from the use of the cloud, vulnerabilities, bugs, and misconfigurations are common. Inconsistent solutions lead to security vulnerabilities. Enterprises' ability to secure the cloud is further constrained by a lack of visibility and end-to-end context around risk. In addition, the task is becoming more difficult as cloud use spreads and agile software deployment speeds up. And no one wants to sacrifice growth or speed for security.