The Challenge of Obtaining Visibility into Cloud Security
Digital criminals are increasingly pivoting to the network after initially attacking an endpoint or publicly accessible cloud. Indeed, a network foothold enables attackers to move laterally to more valuable public cloud workloads. They can then steal their target organization’s sensitive information and monetize it in whatever way they deem fit.
Many of us are fighting back against the threat of lateral movement by augmenting our visibility over the network. However, we’re constantly running into challenges in the cloud. When using AWS Virtual Private Cloud (VPC) or Azure Virtual Networks (VNets) to detect threats in network traffic, for instance, we’re missing packets’ application-level context. We thus can’t detect the malicious activity that hides within them.
In this blog post, we will discuss why achieving visibility into the cloud continues to pose a challenge. We’ll then explore how we can gain the requisite level of visibility in the cloud.
Why Visibility in the Cloud is Such a Challenge
Obtaining visibility in the cloud largely boils down to the complexity that characterizes our cloud environments. First, cloud-based assets tend to be more short-lived than more traditional IT assets. Serverless computing is gaining popularity in public clouds where the Cloud Service Provider (CSP) fully manages underlying infrastructure, scalability and availability. A few examples of short-lived cloud assets the CSP provides include an AWS Lambda function invoked by a trigger to execute a specific task and an Istio-based microservices application that automatically scales up or down a specific instance of a microservice.
These types of short-lived activities stand in stark contrast to that of servers and laptops, traditional IT assets that tend to spend years connected to the network. As a result of such constant change, we struggle to manually achieve complete network visibility, as it’s difficult to keep track of everything that’s connected to the network over a period of time.
Second, our cloud environments are inherently complex. That’s because many if not most of us don’t have a single cloud. In its 2019 State of the Cloud Survey, for instance, 84% of participating organizations told RightScale that they had a multi-cloud strategy. The study also found that the proportion of respondents with a hybrid cloud strategy had grown slightly from 51 percent in 2018 to 58 percent a year later.
While using multiple cloud environments might suit our business needs, it makes it difficult for us to find centralized and unified security solutions that can work across multi-clouds as well as on-premises data centers. Traditional security controls that we might be inclined to apply to the cloud reflect the security needs of the static data center. As such, they might not protect dynamic and unpredictable cloud workloads as well.
Given these and other complexities, it’s no wonder that many of us struggle with obtaining visibility over the cloud. Here are just a few studies that illustrate this fact:
- In its 2019 Cloud Security Report, a third of respondents told Cybersecurity Insiders that a lack of visibility was an operational security headache for their SOC teams. Only compliance received more attention at 34% of survey participants.
- In a survey from Dimensional Research, just one-fifth of IT professionals said that they had complete and timely access to their data packets in public clouds. (The rate was somewhat better for private clouds at 55% of respondents.) Nearly nine in ten respondents disclosed their concerns that a lack of cloud visibility was obscuring security threats facing their organizations.
- When asked to rank the most difficult aspects involved with managing public cloud security on a scale of 1 to 4, respondents to the Cloud Security Alliance’s Cloud Security Complexity: Challenges in Managing Security in Native, Hybrid and Multi-Cloud Environments study ranked lack of visibility as a 3.21. This issue followed just behind misconfigurations and security risks as the biggest challenge with a ranking of 3.35.
The findings presented above are troubling. Without adequate visibility, we could easily lose control over our cloud-based assets and resources. Forbes notes that digital attackers could abuse improper security controls to access our cloud environments, conduct reconnaissance and follow up with secondary attacks including lateral movement, privilege escalation and data exfiltration. They could also hijack our cloud-computing resources and install cryptomining malware more quietly than they could in the data center.
How Organizations Can Gain the Necessary Visibility in the Cloud
We need to have a strategy for gaining the necessary degree of visibility in the cloud. This strategy should include collecting and analyzing data that traverses north-south and east-west network traffic flows. North-south (ingress/egress) is traffic between the Internet or your on-premises environment and your cloud workloads. East-west traffic flows between virtual networks or between subnets.
Lastline Defender for Cloud does much more than just look at VPC or VNet flow logs to detect threats in cloud network traffic. Full packet visibility makes it possible to detect threats hiding inside packets and provides application-level context for faster remediation.
Lastline Defender for Cloud gives you a wide range of deployment options for complete public cloud security visibility. These include:
- VNet Analysis delivers in-line, full packet (DPI) visibility into any malicious content and anomalous activity in both north-south and east-west traffic.
- Ingress Routing delivers in-line, full packet (DPI) visibility into any malicious content in the ingress/egress traffic between the Internet and cloud workloads (north-south traffic).
- VPC Traffic Mirroring inspects traffic between VPCs as well as within a VPC for malicious content (east-west traffic).
- VPC Flow Log Analysis analyzes VPC flows for network anomalies, connection anomalies, and data transfer anomalies (east-west traffic).
Watch Our On-Demand Webinar: Don’t Let Cyber Threats Jeopardize Your Cloud Transformation.
Dr. Christopher Kruegel, Lastline Co-founder and Chief Product Officer, discusses the shortcomings of traditional cloud security solutions and how Network Detection and Response (NDR) provides more effective protection.
Latest posts by Suresh Kasinathan (see all)
- You’re One Cloud Misconfiguration Away from a Data Breach - May 5, 2020
- The Challenge of Obtaining Visibility into Cloud Security - March 31, 2020
- Why Monitoring East-West Traffic is Crucial for Cloud Security - March 18, 2020