Gartner predicted a 20.4% increase in worldwide spending on public cloud services in 2022. This was due to the advent of cloud native application architectures like containers, Kubernetes and serverless that made it easier for organizations to deploy their applications in the cloud, which led to an increase in the adoption of public cloud infrastructure.
Meanwhile, an IDC survey revealed that 98% of companies experienced a cloud data breach in 2021, up from 79% in 2020. Unfortunately, organizations can’t simply reuse their on-premises security solutions for the cloud.
Many cloud security tools focus on identifying and alerting about potential risks, such as control-plane misconfigurations, workload and application vulnerabilities, and insecure secrets management. Given the clear increase in data breaches, companies need to embrace cloud detection and response (CDR) in modern cloud security.
Cloud detection and response is a new approach to cloud security that focuses on detecting and responding to attacks in the cloud.
Cloud detection and response tools are used by both large and small organizations. Large organizations rely on security operations centers (SOCs) or incident response (IR) teams to detect and contain attacks. SOCs and IR teams commonly use MITRE ATT&CK (MITRE Adversarial Tactics, Techniques and Common Knowledge) and the NIST CSF (Cybersecurity Framework) as reference frameworks. Small organizations, on the other hand, rely on their own IT team or outsource to services such as managed detection and response (MDR).
There are two types of CDR solutions: agent-based solutions and agentless solutions.
CDR tools bring value to customers in the following stages:
Cloud detection and response solutions apply alert prioritization to help teams solve the most critical risks first and eliminate false positives. CDR tools provide full visibility into cloud assets and workload data, which serves as context data for cloud security.
CDR tools can analyze the severity of alerts based on their impact on the business, the accessibility of cloud assets to attackers and the potential for lateral movement upon exploitation using context-aware security intelligence. As a result, security teams are guided to the most critical attack paths, the exploitation of which could be detrimental to the business.
To effectively reap the benefits of cloud detection and response, follow the steps below.
Complete asset coverage is required for effective cloud detection and response. In this case, you must choose a reliable CDR solution with agentless capabilities that can not only automatically cover all cloud assets but also detect and monitor idle, paused and stopped workloads, orphaned systems and devices that are incapable of supporting agents.
Because an agent cannot be installed on every asset, agent-based solutions on their own cannot provide complete asset coverage.
To have a good understanding of what goes on inside the entire cloud environment, you must be aware of existing risks and threats across the following layers:
An effective CDR solution must be able to collect data from many sources. Cloud service providers (CSPs) offer their own built-in cloud threat detection capabilities, and CDR solutions consume many of these services. Most CSPs use a combination of telemetry sources to identify attacks, including network flow logs enriched with analytics and supplemental threat intelligence. When evaluating CDR options, look for a single, centralized platform that ingests, aggregates, analyzes and presents data and telemetry with context.
An effective CDR security platform should use a central data model to collect and correlate contextual information about each asset, such as details about cloud workloads and configurations as well as potential risks in external and internal cloud communication. This context-aware data is key to ensuring that security teams swiftly identify and fix the most critical issues by focusing their efforts on the most exploitable attack paths, ranked by severity score.
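The two passages above describe context-aware prioritization in the abstract: detector severity weighted by business impact, attacker reachability and lateral-movement potential. The following is an added illustration of that scoring over a constructed asset graph; it is not code from any CDR product, and the `Asset` and `Alert` fields, the 1-to-5 scales and the multiplicative formula are assumptions chosen for the example.

```python
"""Context-aware alert prioritization (added example, constructed data).

Ranks alerts by combining the detector's own severity with asset context:
business criticality, internet exposure and how far an attacker could move
laterally after compromising the asset. Scales and weights are assumed.
"""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    internet_exposed: bool              # reachable by attackers from outside
    business_criticality: int           # 1 (low) .. 5 (crown jewels), assumed scale
    reachable_assets: list = field(default_factory=list)  # lateral-movement edges


@dataclass
class Alert:
    id: str
    asset: str
    base_severity: int                  # 1 .. 5 as reported by the detector


def lateral_reach(asset_name, assets, seen=None):
    """Number of assets transitively reachable from asset_name (cycle-safe)."""
    seen = set() if seen is None else seen
    for nxt in assets[asset_name].reachable_assets:
        if nxt not in seen:
            seen.add(nxt)
            lateral_reach(nxt, assets, seen)
    return len(seen)


def score(alert, assets):
    """Detector severity weighted by criticality, exposure and blast radius."""
    a = assets[alert.asset]
    exposure = 2.0 if a.internet_exposed else 1.0
    blast_radius = 1 + lateral_reach(alert.asset, assets)   # 1 = only itself
    return alert.base_severity * a.business_criticality * exposure * blast_radius


def prioritize(alerts, assets):
    """Alerts ordered from most to least critical attack path."""
    return sorted(alerts, key=lambda al: score(al, assets), reverse=True)


# Constructed sample inventory: an exposed load balancer with a path to the DB,
# and an exposed but isolated, low-value sandbox VM.
ASSETS = {
    "web-lb": Asset("web-lb", True, 2, ["app-01"]),
    "app-01": Asset("app-01", False, 3, ["db-01"]),
    "db-01": Asset("db-01", False, 5, []),
    "sandbox-vm": Asset("sandbox-vm", True, 1, []),
}
ALERTS = [
    Alert("A1", "sandbox-vm", 5),   # "critical" finding, but nowhere to go from here
    Alert("A2", "web-lb", 3),       # medium finding on the edge of a path to the DB
    Alert("A3", "db-01", 3),        # medium finding directly on the crown jewels
]
```

With this data the medium-severity alert on the exposed load balancer (A2) outranks the critical-severity alert on the isolated sandbox (A1), which is the reordering the text argues a context-aware CDR platform should produce.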
To quickly assess and resolve issues, security teams must integrate CDR solutions into their existing workflows. Typical integration points are remediation orchestration, alerting services, SIEMs, SOARs and ticketing systems. These integrations allow SOC and IR teams to increase automation and productivity and to shorten remediation time. They should also enable security teams to organize, tune and incorporate automated alerts into ongoing operations.
Cyberattackers target applications and information stored in the cloud at an increasing rate. Therefore, it is important for organizations to ensure that cloud detection and response capabilities represent an integral part of their cloud security operations. Moreover, CDR platforms must provide clear and actionable information about active threats as well as enable rapid investigation and response without creating extra noise.
To learn more, read our comprehensive e-book, “The Essential Guide to Cloud Detection and Response.”