Three ‘Must Solve” Challenges Hindering Cloud-Native Detection and Response
2024-11-5 17:46:7 Author: securityboulevard.com(查看原文) 阅读量:4 收藏

According to Gartner, the market for cloud computing services is expected to reach $675 billion in 2024. Clearly, companies are shifting from testing the waters of cloud computing to making substantive investments in cloud-native IT. And attackers are shifting with them. As security teams level up to support the transition, three major issues keep impeding detection and response in the cloud.

1) Cloud-Native IT Blurs the Lines Between Layers of the Cloud Stack – it’s a True Paradigm Shift

Cloud applications, workloads and infrastructure have become increasingly connected and communicate with each other via trusted connections across assets, developers and identities. Within these trusted connections reside permissions to databases, S3 buckets, and many other resources, all of which are granted open or loose permissions so they can interact, unimpeded, with essential cloud services.

The implicit trust that cloud workloads have between pod-to-pod and node-to-node communication may be essential to smooth operations, but it comes at a cost. Not only does it leave the organization open to compromise, but if an attacker gets access to anything, they usually get access to everything. Locking down these permissions is a non-starter. Even though security teams are implementing the least privilege principle to ensure that every asset only has the connections they need, there will always be connections open. That means there will always be something connected to the internet or something connected to something connected to the internet — exposures subject to compromise.

Furthermore, since virtually all public cloud users are on AWS, GCP, Azure, and Oracle, it becomes easy for an attacker to know how an environment will be built. Defenders, on the other hand, face long learning curves as they adapt to protecting exponentially larger and more complex environments. Security teams need to adjust their mindset beyond shift left and get adept at shifting up and down the stack. And it’s on the vendor community to help them.

AWS

AWS Hub

2)  Security Teams are Still Adjusting to the Realities of Complex Cloud Environments 

One of the most challenging elements of cloud security is that cloud environments generate so much noise that it’s easy for questionable actions to occur unnoticed. As a result, attacks often go undetected because they look like legitimate behavior. And in this sea of noise and complexity, myriad risk vectors make things easier for attackers. The key is knowing which ones matter the most.

This year, non-human identities (NHIs) — machine identities such as access tokens, service accounts and third-party integrations —  have emerged as a key attack surface. There’s been plenty of chatter in the security community about NHI risk, but it’s worth repeating. NHIs possess high access privileges and usually have long-lived or non-expiring tokens or keys. And because they typically can’t be protected by multi-factor authentication (MFA), they are inherently exposed to exploitation once compromised. The amount of NHIs that reside in cloud environments, coupled with the fact that cloud providers employ different NHI authentication mechanisms and lifecycle management practices, has caused the risk they pose to skyrocket. To protect the massive levels of investment being made in cloud-native IT,  containing NHI risk MUST be a priority.

3) Cloud Security Tooling is too Siloed

This is, at heart, a technology maturity issue. Most SOC teams either lack the proper tooling or have so many cloud security point tools that the management burden is untenable. Cloud attacks happen way too fast for SOC teams to flip from one dashboard to another to determine if an application anomaly has implications at the infrastructure level.

Given the interconnectedness of cloud environments and the accelerated pace at which cloud attacks unfold, if SOC teams can’t see everything in one place, they’ll never be able to connect the dots in time to respond. More importantly, because everything in the cloud happens so fast, we humans need to act faster, which can be nerve-wracking and increases the chance of accidentally breaking something. It’s a legitimate concern, but if we want to stay ahead of our adversaries, we need to get comfortable with the accelerated pace.

While there are no quick fixes to these problems, the situation is far from hopeless. Cloud security teams are getting smarter and more experienced, and cloud security toolsets are maturing in lockstep with cloud adoption. And I, like many in the security community, am optimistic that AI can help deal with some of these challenges.

Time will tell.

Recent Articles By Author


文章来源: https://securityboulevard.com/2024/11/three-must-solve-challenges-hindering-cloud-native-detection-and-response/
如有侵权请联系:admin#unsafe.sh