The Cloud Can be a Dangerous Place. Are Your Public Cloud Workloads Safe?
Enterprises have changed the way they interact with data and where their workloads reside. Approximately a decade ago, enterprises directly owned and housed servers that IT personnel maintained. These servers sat in data centers protected by multiple security controls around a well-defined perimeter.
All that has changed. More and more enterprises are now transitioning data and enterprise applications to the public cloud, oftentimes turning to Amazon Web Services (AWS), Azure, or Google Cloud. They make the shift to take advantage of the flexibility of elastic computing resources, lower costs, and easier maintenance.
Some organizations are shutting down their data centers entirely and moving all computer resources over to Infrastructure-as-a-Service (IaaS) providers like AWS. However, many enterprises are moving some, not all, of their servers to the public cloud. It’s likely that this hybrid infrastructure consisting of on-premises and cloud-based assets will dominate the market for the next few years, requiring security on two fronts, if you will.
Either way, there’s an old adage in security – wherever the data goes, so go the criminals.
Public Cloud Workloads at Risk
Not surprisingly, attackers are well aware of enterprises’ migration to the cloud. They are responding by developing new ways to target cloud workloads.
They employ a range of techniques to penetrate your cloud infrastructure, launch new instances, and move laterally to launch attacks on other workloads, ultimately harvesting and exporting data. These techniques include:
- Targeting your servers in public subnets in your virtual private cloud (VPC) on AWS
- Exploiting a misconfigured server with open ports to gain a foothold in your Internet-facing assets
- Moving laterally in your public cloud to find servers in your private subnet that you thought were safe (because they did not have a route to the Internet)
- Compromising servers running in your AWS instances and downloading data
Such attacks pose a serious security problem for organizations. Many companies have invested heavily in security capabilities for their on-premises workloads. But these solutions often don’t have the same level of efficacy, or simply don’t work at all, in the cloud. As a result, enterprises don’t have a good way to defend themselves against threat actors that go after their public cloud workloads.
Cloud Workload Protection
To adequately defend themselves in the cloud, enterprises are turning to a category of security controls known as cloud workload protection (CWP) products. However, organizations need more than just the visibility into internal cloud traffic and lateral movement that CWP products provide. Any security strategy for protecting cloud workloads that lacks visibility into malicious traffic entering, or suspicious data leaving, the cloud environment is incomplete.
In order to prevent data exfiltration, organizations need to have the ability to see both the initial targeting of an asset in their public cloud and the subsequent lateral movement as the attack spreads.
Lastline Detects Threats Entering or Moving Laterally within AWS
Lastline Defender™ for Cloud is the first native cloud security solution that delivers unmatched visibility of advanced threats in both your internal and external public cloud traffic. Initially available for AWS, it gives you the ability to deploy Lastline’s industry-leading AI-powered threat detection to protect your cloud workloads, without the need to deploy agents or collectors. It’s the only native cloud Network Traffic Analysis (NTA) solution in the AWS Marketplace.
Our Lastline Defender for Cloud product provides immediate visibility into the topography of threats and intrusions across your public cloud workloads. You gain immediate visibility of malicious activity entering and operating within your AWS environment, enabling you to respond quickly to all aspects of the attack chain:
- Inbound Exploits of Cloud Workloads: Prevent attacks against vulnerable applications and services in public clouds
- Malicious Lateral Traffic: Detect when an attacker scans for other workloads, prevent discovery of additional services, and block lateral movement and connections to unusual ports
- Data Exfiltration: Detect and block anomalous data access before a bad actor can exfiltrate the data
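As an added illustration of the lateral-movement and exfiltration signals listed above (example code written for this page, not Lastline's product or code), the following Python sketch runs two simple checks over constructed AWS VPC Flow Log records: one internal source touching many host/port pairs inside the VPC, and one instance pushing a large accepted volume to an address outside the VPC. The VPC range, the thresholds and the sample log lines are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical VPC range and thresholds; tune these to your own environment.
VPC_CIDR = ip_network("10.0.0.0/16")
SCAN_THRESHOLD = 4              # distinct (host, port) pairs probed by one source
EXFIL_BYTES = 50_000_000        # accepted bytes from one instance to one external host

# Field names of the default (version 2) VPC Flow Log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = {"srcport", "dstport", "packets", "bytes"}

# Constructed sample: a port sweep of 10.0.2.20 from 10.0.1.10, one benign
# internal HTTPS flow, and 70 MB pushed from 10.0.2.20 to an external address.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c 10.0.1.10 10.0.2.20 51234 22 6 3 180 1551830400 1551830460 REJECT OK
2 123456789012 eni-0a1b2c 10.0.1.10 10.0.2.20 51235 3389 6 3 180 1551830400 1551830460 REJECT OK
2 123456789012 eni-0a1b2c 10.0.1.10 10.0.2.20 51236 445 6 3 180 1551830400 1551830460 REJECT OK
2 123456789012 eni-0a1b2c 10.0.1.10 10.0.2.20 51237 1433 6 3 180 1551830400 1551830460 REJECT OK
2 123456789012 eni-0a1b2c 10.0.1.11 10.0.2.20 40001 443 6 20 4800 1551830400 1551830460 ACCEPT OK
2 123456789012 eni-0d3e4f 10.0.2.20 203.0.113.5 49152 443 6 30000 40000000 1551830400 1551830460 ACCEPT OK
2 123456789012 eni-0d3e4f 10.0.2.20 203.0.113.5 49153 443 6 22000 30000000 1551830460 1551830520 ACCEPT OK
"""

def parse_flow_log(text):
    """Parse raw flow-log lines into dicts keyed by FIELDS, skipping blank lines."""
    records = []
    for line in filter(str.strip, text.splitlines()):
        rec = dict(zip(FIELDS, line.split()))
        rec.update((f, int(rec[f])) for f in INT_FIELDS)
        records.append(rec)
    return records

def detect(records):
    """Return {'lateral_scan': {src: [ports]}, 'exfil': {(src, dst): bytes}}."""
    probed = defaultdict(set)   # internal src -> {(dst, port)} it touched inside the VPC
    egress = defaultdict(int)   # (internal src, external dst) -> accepted bytes out
    for r in records:
        src, dst = ip_address(r["srcaddr"]), ip_address(r["dstaddr"])
        if src not in VPC_CIDR:  # inbound flows are out of scope for these two checks
            continue
        if dst in VPC_CIDR:
            probed[r["srcaddr"]].add((r["dstaddr"], r["dstport"]))
        elif r["action"] == "ACCEPT":
            egress[(r["srcaddr"], r["dstaddr"])] += r["bytes"]
    lateral = {s: sorted({p for _, p in t}) for s, t in probed.items() if len(t) >= SCAN_THRESHOLD}
    return {"lateral_scan": lateral, "exfil": {k: b for k, b in egress.items() if b >= EXFIL_BYTES}}
```

On the sample above, `detect(parse_flow_log(SAMPLE_LOG))` flags 10.0.1.10 for probing four internal ports and the 10.0.2.20 to 203.0.113.5 pair for 70 MB of egress; real deployments would key on longer windows and baseline per-instance behaviour rather than fixed thresholds.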
AI-Powered Network Security
Other AI-based network security products apply Artificial Intelligence (AI) to network traffic only, without an understanding of malicious behaviors. Applying AI techniques to network traffic will inevitably find anomalous patterns of behavior within the network traffic – that’s what AI is designed to do. However, it’s virtually impossible for most AI-based tools to understand whether the detected anomaly is malicious or benign. As a result, they offer low-fidelity, probabilistic alerts that result in many false positives and require hours of investigation. After all, not all anomalies are malicious or the result of attacks.
“AI Done Right”
Lastline is different. Lastline Defender for Cloud uses a combination of three complementary techniques to detect the advanced threats that other tools miss. Our technology:
- Leverages the knowledge in our Global Threat Intelligence Network to scan traffic metadata and payloads for variants of known threats
- Applies unsupervised AI to your network traffic to detect protocol and traffic anomalies
- Uses supervised AI to automatically create classifiers that recognize malicious network behaviors and previously unknown exploits
Most AI-based network security products implement only the first two detection techniques.
Our AI is automatically trained both on network traffic and malicious behaviors. This unique combination enables deterministic detection, delivers the highest fidelity insights possible, and eliminates false positives. This means better enterprise security with fewer resources.
This is what we call “AI Done Right.”
Lastline Defender for Cloud provides unmatched protection of cloud workloads in AWS. Its AI-powered network security combines complete visibility into threats crossing your cloud perimeter as well as lateral movement of the threat inside your cloud environment.
Lastline Defender for Cloud is part of the Lastline Defender product family, enabling you to deploy a single solution to protect cloud and on-premises environments from advanced threats.
I invite you to learn more about how Lastline can protect your cloud workloads.
Posted by Bert Rankin, March 6, 2019.