By Subhalakshmi Ganapathy, Product Evangelist, ManageEngine
When an IBM study found that cyber risk is the only challenge weighing more heavily on the Canadian C-suite than environmental sustainability, it came as no surprise. With recent, major cyberattacks at the University of Windsor, the National Library of Quebec, Sunwing Airlines, and the National Research Council of Canada, our country’s CEOs are looking for ways to secure the cloud. Unfortunately, they may not be looking in the right places.
Securing the Cloud
According to a publication issued by the Canadian Centre for Cyber Security, securing the cloud can be even more complicated than protecting an on-premises network. Each cloud vendor exposes its own set of APIs at the Platform as a Service, Software as a Service, and Infrastructure as a Service layers, so adopting a multi-cloud environment means governing many different APIs and interfaces at once. Add to that the ongoing work of establishing cloud policies, controls, and configuration attributes, and of dealing with configuration changes after deployment, and without constant monitoring this scenario is a data leak waiting to happen.
In on-premises networks, intrusions are among the most common threats. Adversaries exploit open ports and vulnerabilities in internet-facing endpoints to break into the network, then move laterally to take control of privileged accounts or critical resources and carry out their attacks. They also rely on slow exfiltration tactics and techniques to sneak sensitive data out of the network without being detected. In the cloud, there is no perimeter to breach first: an adversary who gains control of the cloud APIs can hijack resources directly and steer sensitive data to their command-and-control servers.
Clear and Present Danger
A May 2022 alert issued by cybersecurity authorities in Canada, New Zealand, the Netherlands, the United Kingdom, and the United States warns that misconfigured cloud services and weak security controls leave enterprise networks vulnerable to the theft of sensitive data. This is further emphasized in the 2021 IBM Security X-Force Cloud Threat Landscape Report, which attributes two-thirds of cloud incidents to misconfigured APIs. Gartner expects that share to climb even higher, predicting that by 2023 at least 99% of cybersecurity incidents will be due to cloud resource misconfigurations.
What Really Works?
Organizations are adopting different tools to address cloud security concerns: keeping shadow IT in check, stopping malicious API traffic, ensuring that the right security policies and controls are in place, and detecting and fixing misconfigurations. However, when these tools are disjointed and do not share data with each other, they only add to the complexity of securing the cloud.
While visibility, shadow IT, and cloud traffic monitoring concerns can all be addressed with a cloud access security broker (CASB), detecting and fixing misconfigurations across the infrastructure, platforms, and software hosted in the cloud is the job of cloud security posture management (CSPM) tools. A security information and event management (SIEM) tool, with its behavioral analytics and extended detection and response (XDR) components, can complement CASB and CSPM solutions in securing the cloud.
SIEM tools act as a platform where all security data is consolidated and analyzed. Contextual inputs such as threat feeds, malware indicators, and vulnerability scanner findings are fed into the system to enrich that analysis. With artificial intelligence and machine-learning-based behavioral analytics, security events are analyzed in context and red flags are spotted more accurately. SIEM tools often include security orchestration, automation, and response (SOAR) or XDR components that simplify incident resolution and help security operations centers keep track of their key metrics.
The Case for Converging All Security Tools
As organizations rush to the cloud, a growing number experience breaches and face consequences that, in Canada, include financial losses averaging about $5.4 million per incident in 2021, up from an average of $4.5 million the previous year. Fortunately, the cybersecurity market understands the importance of integrating security tools. Consolidating all tools, such as threat intelligence platforms, SOAR, and XDR, will help businesses formulate stronger security strategies and defenses to keep attackers at bay.