Vulnerability Management & Cloud Security

Tony MasonData Protection, Enterprise Security, Vulnerability Management & SIEM

Cloud Security for IaaS, SaaS and PaaS.
Cloud Security

Cloud Security is becoming a top priority. Infrastructure as a Service (IaaS) is now the fastest growing area of the cloud. This is due to the speed, cost and reliability with which organisations can create and deploy applications, according to McAfee’s latest report –‘Cloud Native – Infrastructure as a Service Adoption & Risk Report’.

Unfortunately, the results of their survey show that 99% of IaaS misconfigurations go unnoticed.  Similarly it shows that awareness around the most common entry point to new “Cloud-Native Breaches” (CNB) is extremely low.

Securing Data In The Cloud

The surge in adoption of cloud-based technologies and IaaS means many companies are overlooking the need for shared responsibility for the cloud.  They are assuming that security is taken care of completely by the cloud provider. Above all companies need to remember that the security of what they put in the cloud, is their responsibility.

Rapid cloud adoption can be putting businesses and their sensitive data at risk. The speed of adoption means companies don’t yet have the correct tools in place nor the required visibility.  Therefore, they need to add security tools that are cloud-native, and purpose built for cloud security. This will ensure they secure themselves against new Cloud Native Breaches.  Too often security operations are taking a legacy approach to data security. This predates Cloud and often the web. As a result they are inadequate for securing your critical cloud data.  We need to work on a more modern approach to security, designed from the ground up in order to protect cloud environments from the start.

Cloud-First Security Strategies

Fortunately in a recent survey by Enterprise Strategy Group (ESG), they reveal that ‘cloud-first’ strategies are becoming more common and they will need to become more so. 58% of respondents say they will have more than 40% of their data stored in the cloud within the next 2 years and 45% said that will include their sensitive data.

According to McAfee, IaaS-based data loss incidents triggered by data loss prevention (DLP) rules have increased by 248 percent year-over-year.

However, despite this, 81 % of respondents still said their on-premises data security practices are more mature than those they use to secure their data in the cloud. Worryingly, 50% said their company had already lost data that they store in the cloud.

Misconfigurations

On the other hand, if only 1% of misconfigurations are being reported, this means that it is likely that many organisations worldwide are leaking data but are unaware of it. In total, 90% of McAfee’s respondents said they had come across security issues with IaaS.  Unfortunately, only 26% said they were equipped to deal with misconfiguration audits. As a result, this lack of visibility into their cloud usage may be contributing to an increased data breach risk.  90% of respondents to the ESG report said they were worried about not having visibility into misconfigured cloud services, server workloads, network security or privileged accounts.

Even in the case of the 1%, it can take longer than 24 hours to correct reported misconfigurations. In some serious cases, it can take over a month to fix them.

IaaS Breaches

IaaS breaches don’t look like a normal malware attack. They use native features of the cloud infrastructure to land an attack. Next they expand to other cloud instances and obtain your sensitive data. The majority of the time they manage to succeed by exploiting configuration errors in the way the cloud environment was initially set up.

Overall security has now become more complicated with the various platforms and 43% of those surveyed by ESG reported that maintaining consistency across the different infrastructures of a hybrid, multi-cloud environment where cloud-native apps are deployed as being the greatest challenge. 43% said that DevSecOps automation is the highest priority for cloud security. This could help address many of these concerns.

Full Visibility of the Risks

In summary what these research results show us is the need for security tools that help us keep up with IaaS-native issues, especially the ability to continuously audit IaaS deployments for initial misconfiguration and configuration drift over time.  

Monthly scanning is no longer enough when modern networks change every minute. Rapid7 InsightVM is a tool that can help you with this process.  It is built for your move into cloud, virtual, and containerised environments.

Rapid7 InsightVM gives you live visibility into your cloud, containerised, virtual, and remote infrastructure, so you can confidently understand the risk of your entire ecosystem.

As we’ve seen, containers, cloud services, and virtual devices are often spun up and down without direct involvement from the security team. To avoid creating unseen gaps in your defences, InsightVM integrates directly with dynamic infrastructure to give full visibility into the risks posed by these assets. 

Their Liveboards are live dashboards that update as soon as InsightVM gets data, letting you track your network and risk as it changes. The result? (It’s a pretty important one.) You can be confident in keeping your network secure as it expands into the cloud and beyond.

See here for more details.

The 2018 Forrester Wave for VRM says Rapid7 “has already implemented what vulnerability management will look like in the future.”…………..