Cloud security attacks are on the rise—and a lot of the blame can be placed on one factor: hackers are exploiting misconfigurations to access sensitive data. Whether customers leave outbound access unrestricted or Elastic Block Store (EBS) volumes unencrypted in their Amazon Web Services (AWS) environments, the fact remains that 99% of misconfigurations go unnoticed in enterprise infrastructure-as-a-service (IaaS) environments.
Under the Shared Responsibility Model, these types of vulnerabilities fall squarely on the customer side of cloud security. Luckily, there's an easy defense: proactively arming your security and DevOps teams with cloud security best practices on how to deter these efforts and ensure data protection. Here are three security control measures that top our list.
Improve Visibility in Hybrid Workloads
A strong security posture begins with a holistic view of your cloud security environment. After all, it's on the shoulders of customers to manage the security of data in the cloud—AWS is just responsible for the security of the cloud. And the customer can't fix an issue unless they see it quickly and with enough context to act.
With this in mind, security operations, IT and developers alike need to be able to monitor and assess all cloud-based transactions in the network, without any communication gaps between departments. Rather than having to jump between products or interfaces, businesses should look for a single platform that provides a universal view across all systems. Silos are broken down, and no one is left in the dark.
Find a Proactive Method to Detect Misconfigurations and Threats
Did you know that 5.5% of AWS S3 buckets are misconfigured to have world-read permissions, making them open to the public? Or that 80% of organizations experience at least one compromised account threat per month? The proof is in the statistics: the risk of significant data loss in your security environment is high.
Businesses shouldn't base their approach to these issues on reaction, but should work actively to stay ahead of them. That means investing in top talent, yes, but even highly skilled cybersecurity professionals can only work as efficiently as the systems that support them. Teams that must manually collect and correlate data, and then prioritize issues, are far more likely to hit bottlenecks that lengthen their time to resolve threats.
The good news is that there's a way to automate these tasks. Machine learning technologies (like ExtraHop's cloud-based ML) are designed to automatically alert security teams of anomalies—whether it's a misconfiguration or malicious data access—and prioritize the threats so security teams know where to focus their attention first.
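As a concrete illustration of what an automated misconfiguration check looks like, here is an added example (not ExtraHop code, and not tied to any product) that audits the three misconfigurations this post names: world-readable S3 buckets, unencrypted EBS volumes, and security groups with unrestricted outbound access. It runs offline over constructed resource descriptions shaped like the dictionaries the AWS APIs return; the resource names, account id and bucket contents are made up for the example. The S3 check is deliberately conservative: a public `Allow` statement is flagged even when it carries a `Condition`, so a reviewer decides whether the condition actually restricts it.

```python
"""Audit constructed AWS resource descriptions for common misconfigurations.

Added example: the functions take dictionaries in the shape returned by
S3 GetBucketAcl / GetBucketPolicy, EC2 DescribeVolumes and
EC2 DescribeSecurityGroups, so they can be fed real API output later.
"""
from typing import Dict, List, Tuple

# Grantee URIs AWS uses for the "Everyone" and "Any authenticated AWS user" groups
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMISSIONS = {"READ", "FULL_CONTROL"}
READ_ACTIONS = {"s3:*", "s3:Get*", "s3:GetObject"}


def s3_world_readable(bucket: Dict) -> bool:
    """True if the ACL grants read to a global group, or the bucket policy
    allows an object-read action to Principal '*' (conditions are ignored on
    purpose so that such statements are surfaced for review)."""
    for grant in bucket.get("acl", []):
        if grant["grantee"] in PUBLIC_GRANTEES and grant["permission"] in READ_PERMISSIONS:
            return True
    for stmt in bucket.get("policy", {}).get("Statement", []):
        principal = stmt.get("Principal")
        is_public = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if stmt.get("Effect") == "Allow" and is_public and READ_ACTIONS.intersection(actions):
            return True
    return False


def ebs_unencrypted(volume: Dict) -> bool:
    """True when the volume description lacks Encrypted=True."""
    return not volume.get("Encrypted", False)


def sg_unrestricted_egress(group: Dict) -> bool:
    """True when any egress rule allows all protocols/ports to 0.0.0.0/0 or ::/0."""
    for rule in group.get("IpPermissionsEgress", []):
        all_ports = rule.get("IpProtocol") == "-1"
        open_v4 = any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", []))
        open_v6 = any(r.get("CidrIpv6") == "::/0" for r in rule.get("Ipv6Ranges", []))
        if all_ports and (open_v4 or open_v6):
            return True
    return False


def audit(buckets: List[Dict], volumes: List[Dict], groups: List[Dict]) -> List[Tuple[str, str]]:
    """Return (resource id, finding) pairs; an empty list means nothing flagged."""
    findings = []
    findings += [(b["name"], "S3 bucket is world-readable") for b in buckets if s3_world_readable(b)]
    findings += [(v["VolumeId"], "EBS volume is not encrypted") for v in volumes if ebs_unencrypted(v)]
    findings += [(g["GroupId"], "security group allows unrestricted egress") for g in groups if sg_unrestricted_egress(g)]
    return findings


# Constructed sample inventory (names and ids are made up for this example)
SAMPLE_BUCKETS = [
    {"name": "public-assets",
     "acl": [{"grantee": "http://acs.amazonaws.com/groups/global/AllUsers", "permission": "READ"}],
     "policy": {}},
    {"name": "app-logs",
     "acl": [{"grantee": "id:owner", "permission": "FULL_CONTROL"}],
     "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                               "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-logs/*"}]}},
    {"name": "db-backups",
     "acl": [{"grantee": "id:owner", "permission": "FULL_CONTROL"}],
     "policy": {"Statement": [{"Effect": "Allow",
                               "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup"},
                               "Action": ["s3:GetObject", "s3:PutObject"],
                               "Resource": "arn:aws:s3:::db-backups/*"}]}},
]
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0a1b2c3d", "Encrypted": True},
    {"VolumeId": "vol-0e4f5a6b", "Encrypted": False},
]
SAMPLE_GROUPS = [
    {"GroupId": "sg-0default", "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0locked", "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for resource, finding in audit(SAMPLE_BUCKETS, SAMPLE_VOLUMES, SAMPLE_GROUPS):
        print(f"{resource}: {finding}")
```

Run over the sample inventory this flags the two readable buckets, the one unencrypted volume and the allow-all egress group, leaving the role-restricted bucket, the encrypted volume and the locked-down group alone. In a real pipeline the same functions would run on the output of the corresponding `boto3` describe/get calls on a schedule, with findings routed to the team that owns the resource rather than buried in a report.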
Leverage Tools to Establish the Cause of Issues
While detection capabilities can tell you when a cybersecurity issue occurs in cloud-based environments, the dynamism of cloud assets and workloads means that it's equally critical to understand why the event occurred. (This is true on-premises as well, of course, but two of the primary benefits of the cloud are rapid development and experimentation—meaning that if a mistake allows one threat in, you'd better understand exactly what happened so you don't make the same mistake thirty more times in one week.)
By retracing the steps that led to the issue in the first place, businesses can help drive out future vulnerabilities and improve their security posture.
Investigative workflows, however, are not always built with the end-user in mind. In many cases, they can become so complex that they leave security teams with more questions than answers.
That's why it's important to pair automation tools that score threats with robust investigation tools that enrich detections. Security dashboards should provide context around risk scores, the devices involved, links to outside resources that highlight relevant tactics and next steps for investigators to take (among other useful details). With more information and guidance at their fingertips, security teams can establish root causes faster—a matter of hours versus days.
Watch this 4-minute video to see how easy it is to detect and investigate a threat—such as potentially risky DNS behavior—with ExtraHop Reveal(x), network detection and response for the hybrid enterprise: