The Need for Speed: When Cloud Attacks Take Only 10 Minutes
In the fast-paced landscape of cloud security, attacks have become a formidable adversary. As organizations migrate their data and applications to the cloud, malicious actors have been quick to adapt and exploit vulnerabilities. The speed at which these attacks occur is nothing short of alarming. The “Sysdig 2023 Global Cloud Threat Report” finds that cloud attackers need less than 10 minutes to execute an attack.
The Cost of Cloud Attacks
Recent attacks, such as the Australian health insurance ransomware incident, serve as stark reminders of the financial and operational havoc they can wreak. The attack, which compromised sensitive medical records and disrupted essential services, came with a hefty $10 million ransom. However, the cost of such attacks extends beyond the ransom payment; in this case, that’s a reported $80 million-plus in damages payouts. Reputational damage adds additional impact.
LABRAT, another financially motivated operation, was observed weaponizing a vulnerability in GitLab as part of a proxy-jacking campaign. Proxy-jacking allows the attacker to “rent” the compromised system out to a proxy network, basically selling the compromised IP address. A lateral movement attack, dubbed SCARLETEEL, targets AWS Fargate environments with the intention of stealing data and carrying out further, more damaging attacks.
Whichever the type of attack, the impact is generally significant financial losses, damage to an organization’s reputation, and legal repercussions. As cloud environments continue to expand, so does the attack surface, making it increasingly difficult to defend against determined adversaries.
The Inadequacy of Traditional Solutions
Traditional endpoint detection and response (EDR) solutions, while effective in the environments they were originally designed for, are not fully equipped to handle the challenges posed by modern cloud attacks. It’s akin to trying to protect a modern house with outdated security measures. The same goes for point cloud security solutions like the following.
- Cloud security posture management (CSPM): CSPM is analogous to preventative measures like closing windows and locking the doors in your house, or fixing a broken deadbolt that leaves you vulnerable. While these efforts help maintain a secure environment, alone they cannot stop a breach — in your house or in a cloud environment.
- Cloud identity and entitlement management (CIEM): CIEM provides insights into who has access to your “house keys.” It’s like realizing that you’ve given keys to your dog walker. Even if your doors are locked, the risk remains because of the over-permissioned access. CIEM, while valuable, isn’t complete security.
While CSPM and CIEM are critical components of a cloud security strategy, they only focus on prevention. And prevention usually fails.
Consolidated Protection for the Entire Cloud Environment
To effectively defend against the speed and sophistication of cloud attacks, organizations should adopt an end-to-end cloud security solution integrating various components for holistic protection across all stages of development through production. Detection and response are crucial because you can’t prevent every threat.
Runtime detection is a backup plan like a security camera in the event someone leaves the garage door open or forgets to lock a window. A security camera, if tripped, gives an immediate notification that someone is in your home. Within seconds, you can record the steps they take and call the police to stop them in their tracks. Without a camera, you’d come home to an empty house and no way of knowing who intruded.
With the speed of the cloud, security tools must provide real-time data from runtime, also known as runtime insights. Just as the camera is essential for detecting an intruder in your house, runtime insights are crucial for identifying anomalies and potential threats within your cloud environment.
Cloud security based on runtime insights offers many advantages:
- Real-time detection of active threats, instead of the hours or days you get with snapshot approaches.
- Multidomain correlation to identify risky combinations across environments that create attack paths to sensitive data.
- Prioritization of the most critical security risks by focusing on what’s in use, which significantly filters out noise.
The speed at which cloud attacks occur necessitates a proactive and adaptive approach to security. Point solutions, while valuable, are insufficient on their own. A consolidated cloud-native application protection platform (CNAPP) powered by runtime insights is required to prevent, detect, and respond to threats effectively.
When attacks can have devastating consequences, investing in end-to-end cloud security is not just a choice but a necessity to safeguard your organization’s digital assets and reputation.
About the Author
Nick Fisher is VP of Product Marketing at Sysdig, with over 15 years of experience in enterprise SaaS and modern security solutions. Previously, Nick led security product marketing at Okta. Nick lives in San Francisco and holds an MBA from Columbia University.