Built-in Cloud Security Controls Essential to Securing an Expanded Network, Assert CISOs


An important part of keeping up with the latest digital security threats involves learning what’s top-of-mind for CISOs. Lastline couldn’t agree more. That’s why it assembled a large group of CISOs for a day-long discussion of issues pertaining to IT security. (For full disclosure, some of these CISOs were from Lastline customers.)

The findings of the survey we conducted during the discussion confirmed that security incidents are an important consideration for CISOs. While many organizations continue to seek network visibility as a preventive solution, doing so becomes complicated in the cloud. Hence the need for organizations to build security into the cloud from the beginning if they are to achieve visibility into cloud-based threats.

The Persistence of Data Breaches as a CISO Concern

When Lastline asked these executives what they were most worried about, 88 percent of them answered “data breaches and intrusions.” Not too far behind this response was “insider threats” (50 percent of CISOs mentioned this), an issue that gained slightly more attention than both data security and advanced malware/APT (43 percent each). Overall, these executives were less concerned with business continuity and availability as well as the cyber supply chain (19 percent each). Compliance and regulation, as well as user awareness and training, received even less attention (12 percent and 6 percent, respectively).

These findings aren’t much of a surprise, as data breaches have remained and will continue to be a top concern for CISOs. Such worry in part has to do with the sheer number of data breaches detected every year. It also reflects the difficulty of detecting these incidents.

Let’s get a little more specific here. In spring 2019, Verizon Enterprise released the 12th edition of its Data Breach Investigations Report (DBIR). Verizon researchers analyzed 41,686 security incidents for this publication, and they confirmed data disclosure in 2,013 of those events. Their efforts revealed that 69 percent of data breaches involved external actors, whereas insiders were responsible for 34 percent of cases.

That’s not all they uncovered, however. Overall, the authors of the 2019 DBIR found that many organizations’ security defenses suffered from a discovery problem during the reporting window. Specifically, there was a significant gap between the time it takes an attacker to compromise an asset and the time it takes the organization to discover that malicious action. Verizon Enterprise observed that the former took a matter of minutes while the latter often stretched across months or even years, depending on the attack techniques involved.

Defending Against a Data Breach

The reality is that it’s not always easy for organizations to defend against a data breach. Lastline’s group of CISOs confirmed this in its roundtable discussion. Specifically, they said that in their efforts to defend against digital security intrusions, their organizations commonly struggled with a lack of automation and responses that are too slow, the digital security skills shortage, and too many solutions in need of consolidation.

These challenges raise the question: what is the most effective way for CISOs to strengthen their organizations’ security against data breaches?

The answer lies in understanding the importance of the network. In their conversations, nearly all CISOs agreed that network security is as critical as endpoint and application security. They arrived at this view with the firm belief that network security is its own discipline: network-based security is independently useful as a means of threat detection and breach protection, and it is separate from firewalls. There is value, they said, in turning on network monitoring and other capabilities designed to track threats that have already infiltrated the network and begun moving laterally through it.

These CISOs believe that they can strengthen their organization’s security by focusing on the network. In particular, they feel they need to gain more visibility into what’s already connected to the network. That makes sense, as you can’t protect what you don’t know about.

We Need to Talk About the Cloud

It’s easy enough to gain network visibility with on-premises assets hosted in the datacenter. But it’s not as easy in the cloud. Indeed, cloud security is more challenging for three reasons:

  1. It’s easy to spin up new cloud services – a blessing and a curse: When it comes to the cloud, all you really need is a credit card to set up an Amazon Web Services (AWS) account. From there, you can provision machines, copy data from S3 buckets, and run machine learning (ML) jobs. The problem is that it’s very difficult to corral and manage this process of creating cloud services, including those initiated by departments outside of IT and infosec, which makes it all the more difficult to maintain an accurate inventory of active cloud services.
  2. There are usually no formal processes for requesting and spinning up cloud services: Most organizations don’t specify protocols that employees must follow when spinning up cloud services. It’s understandable why CISOs would be worried about this. The danger is that someone could migrate something to the cloud that they’re not supposed to, increasing the risk of exposing sensitive data.
  3. There are no other mitigating controls in a cloud data center: Finally, there aren’t standard mitigating controls in the cloud. In the datacenter, you have fallbacks at the perimeter like firewalls and IDS tools. Not so in the cloud.
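The three problems above (services created without an inventory, services created outside any approval process, and services with none of the datacenter’s fallback controls) are all visibility gaps, and a simple way to start closing them is to reconcile what a discovery sweep actually finds against what change management says should exist. The script below is an added illustration written for this post, not Lastline code; the resource records, account numbers, change-request IDs and the `monitored` flag (meant to stand for “flow logs or traffic mirroring reach the SOC”) are all constructed sample data rather than output from any real provider API.

```python
"""Reconcile discovered cloud resources against an approved inventory.

Added example, not part of the original post. All inputs are constructed:
DISCOVERED stands in for the output of a scripted sweep of a cloud provider's
resource API, APPROVED for the change-management inventory of what should exist.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class CloudResource:
    account: str
    region: str
    kind: str                 # e.g. "ec2-instance", "s3-bucket", "ml-job"
    name: str
    owner_tag: Optional[str]  # value of an "Owner" tag; None when the tag is missing
    monitored: bool           # True when flow logs / traffic mirroring feed the SOC


# Constructed sample: what an automated discovery sweep returned.
DISCOVERED: List[CloudResource] = [
    CloudResource("111111111111", "us-east-1", "ec2-instance", "web-prod-01", "platform", False),
    CloudResource("111111111111", "us-east-1", "s3-bucket", "customer-exports", "data-eng", True),
    CloudResource("222222222222", "us-west-2", "ec2-instance", "ml-scratch-7", None, False),
    CloudResource("222222222222", "us-west-2", "ml-job", "churn-model-test", "marketing", False),
    CloudResource("111111111111", "eu-west-1", "s3-bucket", "backup-copy-2019", "data-eng", True),
]

# Constructed sample: the change-management inventory, keyed by resource identity,
# with the (hypothetical) change request that authorised each resource.
ResourceKey = Tuple[str, str, str, str]
APPROVED: Dict[ResourceKey, str] = {
    ("111111111111", "us-east-1", "ec2-instance", "web-prod-01"): "CHG-1001",
    ("111111111111", "us-east-1", "s3-bucket", "customer-exports"): "CHG-1002",
}


def resource_key(r: CloudResource) -> ResourceKey:
    """Identity used to match a discovered resource to the approved inventory."""
    return (r.account, r.region, r.kind, r.name)


def find_shadow_resources(discovered: Iterable[CloudResource],
                          approved: Dict[ResourceKey, str]) -> List[CloudResource]:
    """Problems 1 and 2: resources running that no change request covers."""
    return [r for r in discovered if resource_key(r) not in approved]


def find_unmonitored(discovered: Iterable[CloudResource]) -> List[CloudResource]:
    """Problem 3: resources whose traffic never reaches the SOC's detection tooling."""
    return [r for r in discovered if not r.monitored]


def find_unowned(discovered: Iterable[CloudResource]) -> List[CloudResource]:
    """Resources with no owner tag, so nobody to route a finding to."""
    return [r for r in discovered if not r.owner_tag]


def triage(discovered: List[CloudResource],
           approved: Dict[ResourceKey, str]) -> Dict[str, List[str]]:
    """Group findings by the question a security team would ask first.

    'priority' is the intersection of shadow and unmonitored: unknown to change
    management AND invisible to detection, which is where the analysis starts.
    """
    shadow = {resource_key(r) for r in find_shadow_resources(discovered, approved)}
    unmonitored = {resource_key(r) for r in find_unmonitored(discovered)}
    unowned = {resource_key(r) for r in find_unowned(discovered)}
    return {
        "shadow": [r.name for r in discovered if resource_key(r) in shadow],
        "unmonitored": [r.name for r in discovered if resource_key(r) in unmonitored],
        "unowned": [r.name for r in discovered if resource_key(r) in unowned],
        "priority": [r.name for r in discovered
                     if resource_key(r) in shadow and resource_key(r) in unmonitored],
    }


if __name__ == "__main__":
    for bucket, names in triage(DISCOVERED, APPROVED).items():
        print(f"{bucket:12s} {', '.join(names) or '-'}")
```

In a real deployment the `DISCOVERED` list would be refreshed on a schedule from the provider’s inventory API and the `APPROVED` map pulled from the CMDB or ticketing system; the point of the example is that the reconciliation itself is trivial once both sources exist, and that the “priority” bucket (unknown and unmonitored) is exactly the set of assets the post warns you cannot protect.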

Clearly, there are difficulties involved in gaining visibility in the cloud. That explains why CISOs want to make sure they migrate to the cloud correctly. Per Lastline’s roundtable discussion, these executives aren’t interested in doing things the old way, where organizations would migrate to the cloud first and only afterwards wonder which security controls to implement. Today’s CISOs want these security controls built in. More than that, they want to orchestrate cloud security functions across both the application layer and the network layer.

Towards Cloud Visibility

The discussion made it clear that many CISOs are interested in bolstering their network visibility, including that of the cloud. Indeed, their budget allocation priorities put Network Traffic Analysis (NTA) on par with email security gateways, next-gen firewalls, and web security gateways. This is not surprising. Network-based detection is a critical solution for protecting the perimeter and detecting malicious lateral movement across the network. According to the CISOs with whom we talked, it’s a key component of their security strategy going forward.

These priorities lead us to Lastline. When asked what they would specifically look for when purchasing such a tool, most CISOs said that broad threat detection and superior detection accuracy were most important, which is completely in line with Lastline’s strengths. Lastline’s Network Detection and Response (NDR) platform delivers the visibility security professionals need to detect and contain sophisticated cyberthreats, on-premises or in the cloud. The company’s software protects the network, email, cloud, and web infrastructures, minimizing the risk of a damaging and costly breach that results in the loss of data, customers, and reputation.

Gain visibility of your cloud environments today.

Mustafa Rassiwala

Rassiwala has more than 10 years of experience in security product management, building DLP, SIEM, security analytics, fraud management and network security products. He has proven success at many companies including RSA, Symantec, HPE (ArcSight) and startups such as ThreatMetrix, Platfora and JASK. He has also held engineering roles at EMC/Documentum.