Keeping pace with the continuous flux of cloud deployments – “Edgescan Cloudhook”
IT environments are ever-changing and dynamic. New applications, infrastructure and data are often added without the security team’s knowledge which in turn expands the attack surface. Security policies are typically ignored at scale which makes understanding your digital footprint a near-impossible endeavour.
Massive multi-tenant and multi-user environments, dynamically allocated resources or simply the sheer number of services to secure will ultimately lead to one or more of the following:
- Theft of data from a cloud service by threat actors.
- Incomplete control over user access.
- Cloud applications being provisioned outside of IT visibility (e.g., shadow IT)
- Inability to monitor data in transit to and from cloud services, applications and API’s.
- Inability to prevent the misuse of data or attacks from the “inside”.
- Lack of team members with the skills to manage cloud security.
- An overall lack of visibility into the type of data in cloud application storage.
- Threats and attacks against the cloud application provider.
- Inability to assess the security of the cloud application provider’s operations. (Don’t presume security isn’t your concern because you are using a 3rd party hosting somewhere else)
- An Inability to maintain regulatory compliance.
If Your organization is using cloud services, particularly from one of the “big 3”, namely, AWS, AZURE and GCP you first need to identify if they form part of your main security strategy and if not, they should be front and centre. To mitigate cloud computing security risks, there are several best practices that all organizations should work towards, but it all starts with one word “Visibility”.
The first step should always be to understand what’s deployed on the public Internet with an External Attack Surface Management (EASM) solution.
The Second step is to take that inventory and ensure it is secure and free of vulnerabilities with an full-stack vulnerability management (VM) solution.
This is where technology is required particularly for cloud integrations which are vital in plugging the gaps that traditional inventory management tools can miss. Most modern cloud consoles will feature some sort of asset management tool but typically what’s on offer is a basic visibility component. And yes, this is the first step but why not solve multiple problems with one solution?
An organization needs to ask itself how its cloud inventory is being monitored by its security tools as it evolves. Can you trust that once a new service is spun up or changes over time, it is automatically scanned for vulnerabilities or exposures?
You will find the visibility components of modern cloud providers can be limited with regard to exposure. Having visibility that a cloud endpoint is exists is clearly not enough. An organization needs to understand what’s running on that device, are services in date and most importantly what services are exposed to the wild.
Let’s take Phishing for example. In 2020 and 2022 it remains the most common security incident to affect cloud environments. According to statista.com it accounts for 73% of overall attacks. The traditional approach to remediation is to invest heavily in email security and employee security awareness training. While this is important, it’s clear to see that it is a mitigation as opposed to a comprehensive fix. The recommended approach should be to focus on closing the door as opposed to simply employing a doorman.
Most ransomware variants rely on a technical aspect and human error. The Technical aspect typically will target exposed services such as RDP, SSH, SMB, FTP, misconfigured firewalls etc. If an organization can understand where they have these types of dangerous services exposed, they can plug the leak “before the pipe bursts”.
Cloud integrations or as we like to refer to them “Cloudhook” are connectors designed to accomplish this task. They provide an effective way to automate your cloud security program, particularly as it relates to External Attack Surface Management (EASM) and Vulnerability Management (VM). Edgescan Cloudhook is designed to consolidate both EASM and VM into a unified solution. – Visibility and Vulnerability detection, in real-time as the cloud deployment evolves.
As services are spun up and down the Cloudhook should automatically enumerate and inventory an organization’s environment into its ASM and Vulnerability management modules. Automatic security assessment, visibility and exposure detection.
Firstly, let’s look at the unique benefits that a feature-rich EASM solution can offer:
- Enumerate unknown assets, uniquely identify them, track change and deployment, and automate the analysis of changes in the enterprise’s IT landscape
- Keep pace in Real-time with changes to the cyber landscape. As the cloud changes it is reflected in both ASM and Vulnerability management automatically.
- Enterprises need continuous enumeration of cloud/IT weaknesses, exposures and misconfigurations to reduce the risk of data breaches, exposures and privacy non-compliance.
- Track and control cloud spending by identifying shadow cloud/IT deployments.
- For users in GRC/Risk Management and privacy functions, ASM helps ensure compliance with security privacy regulations and framework by detecting potential exposures.
Again, to hammer it home – Complete Visibility is the cornerstone of a robust security posture.
You can’t secure what you don’t know about. With today’s cloud-enabled and rapid development environment, technologies such as Cloudhook must be considered as vital in your security program as running vulnerability scans or penetration tests.
However, as an interesting side-step one of the scenarios, I’ve recently witnessed is clients will use EASM and Visibility as a tools to focus on cost-saving or reaching carbon goals. The premise is quite similar. If a service should not be deployed, then take it down.
After Exposure has been reviewed and mitigated, the next step is to ensure vulnerability scanning and security testing are taking place, With the Edgescan Cloudhook this happens seamlessly in conjunction with EASM.
In conclusion, the takeaway here is that native cloud integrations (CloudHook) are a vital component for any client that is mature in their cyber security posture, or for any client that is undergoing Digital Transformation to the cloud. Don’t be fooled by the suite of tools offered by your hosting provider. Yes, they provide ways to do basic inventory, but the bigger picture of the overall Cloud environment security needs to be considered.
A modern competent Security vendor will have the ability to fully automate the various aspects of your cloud security and take away the pain.