The Cloud Can be a Dangerous Place. Are Your Public Cloud Workloads Safe?

Enterprises have changed the way they interact with data and where their workloads reside. Approximately a decade ago, enterprises directly owned and housed servers that IT personnel maintained. These servers sat in data centers protected by multiple security controls around a well-defined perimeter.

All that has changed. More and more enterprises are now transitioning data and enterprise applications to the public cloud, oftentimes turning to Amazon Web Services (AWS), Azure, or Google Cloud. They make the shift to take advantage of the flexibility of elastic computing resources, lower costs, and easier maintenance.

Some organizations are shutting down their data centers entirely and moving all computing resources over to Infrastructure-as-a-Service (IaaS) providers like AWS. However, many enterprises are moving some, not all, of their servers to the public cloud. It’s likely that this hybrid infrastructure, consisting of on-premises and cloud-based assets, will dominate the market for the next few years, requiring security on two fronts, if you will.

Either way, there’s an old adage in security – wherever the data goes, so go the criminals.

Public Cloud Workloads at Risk

Not surprisingly, attackers are well aware of enterprises’ migration to the cloud. They are responding by developing new ways to target cloud workloads.

They employ a range of techniques to penetrate your cloud infrastructure, launch new instances, and move laterally to launch attacks on other workloads, ultimately harvesting and exporting data. These techniques include:

  • Targeting your servers in public subnets in your Virtual Private Cloud (VPC) on AWS
  • Exploiting a misconfigured server with open ports to gain a foothold in your Internet-facing assets
  • Moving laterally in your public cloud to find servers in your private subnet that you thought were safe (because they did not have a route to the Internet)
  • Compromising servers running on your AWS instances and downloading data

Such attacks pose a serious security problem to organizations. Many companies have invested heavily in security capabilities for their on-premises workloads. But these solutions often don’t have the same level of efficacy, or simply don’t work at all, in the cloud. As a result, enterprises don’t have a good way to defend themselves against threat actors that go after their public cloud workloads.

Cloud Workload Protection

To adequately defend themselves in the cloud, enterprises are turning to a category of security controls known as cloud workload protection (CWP) products. However, organizations need more than just visibility into the internal cloud traffic and lateral movement that CWP products provide. Any security strategy for protecting cloud workloads that lacks visibility into malicious traffic entering, or suspicious data leaving the cloud environment is incomplete.

In order to prevent data exfiltration, organizations need to have the ability to see both the initial targeting of an asset in their public cloud and the subsequent lateral movement as the attack spreads.

Lastline Detects Threats Entering or Moving Laterally within AWS

Lastline Defender™ for Cloud is the first native cloud security solution that delivers unmatched visibility of advanced threats in both your internal and external public cloud traffic. Initially available for AWS, it gives you the ability to deploy Lastline’s industry-leading AI-powered threat detection to protect your cloud workloads, without the need to deploy agents or collectors. It’s the only native cloud Network Traffic Analysis (NTA) solution in the AWS Marketplace.

Our Lastline Defender for Cloud product provides immediate visibility into the topography of threats and intrusions across your public cloud workloads. You gain immediate visibility of malicious activity entering and operating within your AWS environment, enabling you to respond quickly to all aspects of the attack chain:

  • Inbound Exploits of Cloud Workloads: Prevent attacks against vulnerable applications and services in public clouds
  • Malicious Lateral Traffic: Detect when an attacker scans for other workloads, prevent discovery of additional services, and block lateral movement and connections to unusual ports
  • Data Exfiltration: Detect and block anomalous data access before a bad actor can exfiltrate the data

AI-Powered Network Security

Other AI-based network security products apply Artificial Intelligence (AI) to network traffic only, without an understanding of malicious behaviors. Applying AI techniques to network traffic will inevitably find anomalous patterns of behavior within the network traffic – that’s what AI is designed to do. However, it’s virtually impossible for most AI-based tools to determine whether a detected anomaly is malicious or benign. As a result, they offer low-fidelity, probabilistic alerts that result in many false positives and require hours of investigation. After all, not all anomalies are malicious or the result of attacks.

“AI Done Right”

Lastline is different. Lastline Defender for Cloud uses a combination of three complementary techniques to detect the advanced threats that other tools miss. Our technology:

  • Leverages the knowledge in our Global Threat Intelligence Network to scan traffic metadata and payloads for variants of known threats
  • Applies unsupervised AI to your network traffic to detect protocol and traffic anomalies
  • Uses supervised AI to automatically create classifiers that recognize malicious network behaviors and previously unknown exploits

Most AI-based network security products implement only the first two detection techniques.

Our AI is automatically trained both on network traffic and malicious behaviors. This unique combination enables deterministic detection, delivers the highest fidelity insights possible, and eliminates false positives. This means better enterprise security with fewer resources.

This is what we call “AI Done Right.”

Summary

Lastline Defender for Cloud provides unmatched protection of cloud workloads in AWS. Its AI-powered network security combines complete visibility into threats crossing your cloud perimeter as well as lateral movement of the threat inside your cloud environment.

Lastline Defender for Cloud is part of the Lastline Defender product family, enabling you to deploy a single solution to protect cloud and on-premises environments from advanced threats.

I invite you to learn more about how Lastline can protect your cloud workloads.

Bert Rankin

Bert Rankin has been leading technology innovation for over 25 years including over 5 years in security solutions that prevent cybercrime. He is a frequent blogger and is often quoted in security-related articles. Bert earned his BA from Harvard University and an MBA at Stanford University.