Why a network security model is not enough for the cloud

By Subhalakshmi Ganapathy, Product Evangelist, ManageEngine

When an IBM study found that cyber risk is the only challenge weighing more heavily on the Canadian C-suite than environmental sustainability, it came as no surprise. With recent major cyberattacks at the University of Windsor, the National Library of Quebec, Sunwing Airlines and the National Research Council of Canada, our nation’s CEOs are looking for ways to secure the cloud. Unfortunately, they may not be looking in the right places.

Securing the Cloud

According to a publication by the Canadian Centre for Cyber Security, securing the cloud can be even more complicated than protecting an on-premises network. Cloud providers expose a variety of APIs, such as Platform-as-a-Service, Software-as-a-Service and Infrastructure-as-a-Service APIs, which adds to the complexity of adopting a multi-cloud environment and managing a wide range of APIs and interfaces. Add to that the ongoing effort to establish cloud configuration policies, controls and attributes, and to manage post-deployment configuration changes. Without constant monitoring, this scenario is a data leak waiting to happen.

In on-premises networks, intrusions are among the most common threats. Adversaries attempt to exploit open ports and vulnerabilities on Internet-facing endpoints to break into the network. They then move laterally within the network to seize privileged accounts or critical resources and carry out their attacks. They also use slow, low-volume exfiltration tactics and techniques to sneak sensitive data out of the network undetected. In the cloud, all an adversary needs to do is take control of the APIs to hijack resources and direct sensitive data to their command-and-control servers.

Clear and present danger

A May 2022 alert issued by cybersecurity authorities in Canada, New Zealand, the Netherlands, the United Kingdom and the United States warns that misconfigured cloud services and weak security controls leave networks vulnerable to the theft of sensitive data. This is further highlighted in the IBM Security X-Force Cloud Threat Landscape Report 2021, which attributes two-thirds of cloud incidents to misconfigured APIs. Gartner expects this share to grow, predicting that by 2023 at least 99% of cybersecurity incidents will be due to misconfigurations of cloud resources.

What really works?

Organizations are adopting different tools to address cloud security issues, such as controlling shadow IT, stopping malicious API traffic, ensuring the right security policies and controls are applied, and detecting and correcting configuration errors. However, when these tools are siloed and do not communicate with each other, they add further complexity to securing the cloud.

While visibility, shadow IT and cloud traffic monitoring issues can all be addressed with a cloud access security broker (CASB), detecting and correcting misconfigurations in cloud-hosted infrastructure, platforms and software is the job of cloud security posture management (CSPM). A security information and event management (SIEM) tool, with its behavioral analysis and extended detection and response (XDR) components, can complement CASB and CSPM solutions for cloud security.

SIEM tools act as a platform where all security data is consolidated and analyzed. Contextual security inputs such as threat feeds, malware data points and vulnerability scanner findings are fed into the system to enrich that analysis. Using artificial intelligence and machine learning-based behavioral analysis, security events are analyzed more thoroughly and red flags are pinpointed more accurately. SIEM tools often include security orchestration, automation and response (SOAR) or XDR components to simplify incident resolution, helping security operations centers track their key metrics.

The case for converging all security tools

As organizations rush to the cloud, a growing number of businesses are experiencing breaches and facing the consequences which, in Canada, included financial losses of approximately $5.4 million per incident in 2021, compared to an average of $4.5 million the previous year. Fortunately, the cybersecurity market understands the importance of integrating security tools. Consolidating all of these tools, such as threat intelligence platforms, SOAR and XDR, will help companies formulate stronger security strategies and defenses to keep attackers at bay.