Cloud native security threats have changed over the past few years, driven by new technologies and shifting cyber criminal motivations. The cloud's vast pool of computing capacity is hard to govern from a security standpoint, and cloud native applications and environments introduce new threats that call for a different approach. In 2018, many enterprises dealt with cryptocurrency mining attacks, among others.
To get a solution provider's perspective on these issues, we spoke with several experts at Twistlock, which offers container and cloud native application security. This is one of three articles drawn from our conversation with Twistlock.
What are the most common pain points this year regarding securing and deploying applications in the cloud?
John Morello, CTO
Cloud sprawl is real and getting worse as more and more cloud services are introduced. Just as with server sprawl and VM sprawl before it, the challenge with cloud sprawl is governance and knowing what you actually have running, as you can’t secure what you don’t know about. Cloud providers make it so easy and seamless to create new services that it’s easy to experiment, move on, and then forget that you’ve deployed a database or app exposed to the world. Organizations should stress operational discipline, like using automation for all deployments. This way, there are clear boundaries, a defined process, and a basic record of the services they’re using.
The Equifax data breach was part of the larger security discussion in 2017 and into 2018. How have security teams adapted and do your customers think differently about security following the hack? What changes have occurred this year?
John Morello, CTO
Equifax was a good example of what I often talk to customers about. Most attacks do not involve awe-inspiring skill and 0-day exploits. Since so many well-known CVEs exist, organizations fall behind the curve in fixing them. Thus, they’re often the path of least resistance. Similarly, there’s little value in finding the best firewalls and runtime technologies if you ignore the basics and just keep software up to date. The trend of having security embedded earlier in the development process helps with this. But, as an industry, we need to move from a visibility to an enforcement model. Specifically, to ensure vulnerable components can’t be deployed in the first place and to integrate security tooling into the CI/CD flows to do that automatically, as part of every deployment.
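The enforcement model described above, a vulnerability policy gate that fails a CI/CD job instead of merely reporting, as an added example. This is not Twistlock's code or API, and the report layout, the policy rules and the CVE identifiers (placeholders, not real CVEs) are all constructed for the example.

```python
"""Vulnerability policy gate for a CI/CD pipeline.

Added example, not Twistlock's code and not the output format of any
real scanner. A scan step writes a report; this gate reads it and fails
the job when policy says the artifact must not ship. Exceptions let a
reviewed, accepted risk through while still being recorded in the log.
"""
import json
import sys

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample report. The shape is an assumption for this example
# and the CVE identifiers are placeholders, not real CVEs.
SAMPLE_REPORT = json.dumps({
    "artifact": "registry.example.internal/payments-api:1.4.2",
    "findings": [
        {"package": "example-tls", "installed": "1.0.1", "cve": "CVE-EXAMPLE-0001",
         "severity": "critical", "fixed_in": "1.0.2"},
        {"package": "example-json", "installed": "2.3.0", "cve": "CVE-EXAMPLE-0002",
         "severity": "high", "fixed_in": None},
        {"package": "example-utils", "installed": "0.9", "cve": "CVE-EXAMPLE-0003",
         "severity": "medium", "fixed_in": "0.9.1"},
    ],
})


def evaluate(report_json, block_at="high", exceptions=()):
    """Apply the deploy policy to a scan report and return the decision.

    Policy (an assumption for this example):
      - a CVE on the exceptions list is accepted risk: recorded, never blocking
      - any critical finding blocks, fix or no fix
      - a finding at or above `block_at` blocks when a fixed version exists
      - everything else is a warning that ships with the artifact
    """
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[block_at]
    blocking, warnings = [], []
    for f in report["findings"]:
        rank = SEVERITY_RANK.get(f["severity"].lower(), 0)
        label = f"{f['cve']} in {f['package']} {f['installed']} ({f['severity']})"
        if f["cve"] in exceptions:
            warnings.append(f"{label}: accepted risk, exception on file")
        elif rank >= SEVERITY_RANK["critical"]:
            blocking.append(f"{label}: critical findings always block")
        elif rank >= threshold and f.get("fixed_in"):
            blocking.append(f"{label}: fix available in {f['fixed_in']}, upgrade before deploying")
        else:
            warnings.append(f"{label}: below policy threshold or no fix yet")
    return {"artifact": report["artifact"], "allowed": not blocking,
            "blocking": blocking, "warnings": warnings}


def main(argv):
    """Usage: gate.py [report.json] [accepted CVE ...]; exit status 1 blocks the deploy."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            report_json = fh.read()
    else:
        report_json = SAMPLE_REPORT  # demo run with the constructed report
    decision = evaluate(report_json, exceptions=tuple(argv[2:]))
    for line in decision["blocking"]:
        print("BLOCK", line)
    for line in decision["warnings"]:
        print("WARN ", line)
    print("deploy allowed" if decision["allowed"] else "deploy blocked", decision["artifact"])
    return 0 if decision["allowed"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Wired into a pipeline as the step after the image scan, a non-zero exit stops the deployment; the exception list is what turns a blanket block into a reviewed, recorded risk acceptance rather than a silent bypass.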
Ben Bernstein, CEO
The Equifax hack demonstrated how easy it is to hack into organizations that don’t update their software regularly. I believe that this became a very common data point SecOps use to explain why it can’t just be “DevOps” and there needs to be a “DevSecOps” element in the environment.
2018 saw cryptomining surpass ransomware as the most popular cybersecurity threat. Anti-mining defenses should be an integral part of any cloud security plan. What can we expect from miners in cloud native environments in the coming year? Is it here to stay in the enterprise? What strategies will be most important?
Dima Stopel, VP of R&D and Co-founder of Twistlock
Considering the value of major cryptocurrencies, I believe we will continue seeing the trend of using any possible resource to generate crypto coins. It shouldn’t be covered as part of a general defense mechanism. Major security providers should treat cryptocurrency-related attacks as a first-class citizen. For example, it is easy to masquerade crypto mining software so that it is hard to differentiate from regular software and isn’t detectable by regular security tools. One must develop a specific set of tools to detect such behavior.
We’ve invested in this at Twistlock. Enterprises become notable targets due to environments with high computational potential. These environments often become exposed to the internet because of proprietary applications. In such cases, one must run crypto-threat aware detection and protection tools within the environment to make sure no one exploits the company’s computational resources for crypto mining.
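The point above, that a miner can be renamed to look like ordinary software so detection has to key on behaviour rather than on the name, as an added example of a behavioural detector. This is not Twistlock's product or code; the telemetry format (one JSON object per process with a CPU sample window and the first bytes of each outbound connection) and the scoring weights are assumptions constructed for the example.

```python
"""Behavioural cryptomining detector over process telemetry.

Added example, not Twistlock's code. A renamed miner still has to do
three things: burn CPU continuously, talk the Stratum mining protocol
to a pool, and usually run from somewhere a packaged binary would not.
The detector scores those behaviours and ignores the process name.
"""
import json
import re

# Stratum is JSON-RPC; the method names are what a pool expects from a worker.
STRATUM_RE = re.compile(r'"method"\s*:\s*"(mining\.[a-z_]+|login)"')
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Constructed telemetry, one process per line (format is an assumption).
# The first process is a miner renamed to resemble a kernel thread; the
# second is a legitimate transcode job that also pegs the CPU.
SAMPLE_TELEMETRY = "\n".join(json.dumps(rec) for rec in [
    {"pid": 4121, "comm": "kworker-helper", "exe": "/tmp/.x/kworker-helper",
     "cpu_pct": [97, 99, 98, 98, 97, 99],
     "conns": [{"dst": "203.0.113.10:3333",
                "payload": '{"id":1,"method":"mining.subscribe","params":[]}'}]},
    {"pid": 2207, "comm": "ffmpeg", "exe": "/usr/bin/ffmpeg",
     "cpu_pct": [95, 96, 94, 97, 95, 96],
     "conns": []},
    {"pid": 1010, "comm": "nginx", "exe": "/usr/sbin/nginx",
     "cpu_pct": [3, 5, 2, 4, 3, 2],
     "conns": [{"dst": "198.51.100.7:443", "payload": ""}]},  # TLS, opaque
])


def sustained_cpu(samples, floor=90, min_samples=5):
    """True when every sample in a long enough window sits at or above floor."""
    return len(samples) >= min_samples and min(samples) >= floor


def suspicious_path(exe):
    """Binary runs from a scratch directory or from a hidden directory."""
    return exe.startswith(SCRATCH_DIRS) or any(
        part.startswith(".") for part in exe.split("/") if part)


def score_process(rec):
    """Return (score, reasons) for one process record; the name is never consulted."""
    score, reasons = 0, []
    if any(STRATUM_RE.search(c.get("payload", "")) for c in rec.get("conns", [])):
        score += 3
        reasons.append("outbound Stratum mining protocol handshake")
    if sustained_cpu(rec.get("cpu_pct", [])):
        score += 2
        reasons.append("CPU pegged across the whole sample window")
    if suspicious_path(rec.get("exe", "")):
        score += 1
        reasons.append(f"binary runs from unusual path {rec['exe']}")
    return score, reasons


def detect(telemetry_text, threshold=3):
    """Score every process in the telemetry and return those at or above threshold."""
    alerts = []
    for line in telemetry_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        score, reasons = score_process(rec)
        if score >= threshold:
            alerts.append({"pid": rec["pid"], "comm": rec["comm"],
                           "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_TELEMETRY):
        print(f"pid {alert['pid']} ({alert['comm']}) score {alert['score']}: "
              + "; ".join(alert["reasons"]))
```

The weights are chosen so that sustained CPU on its own never alerts: the ffmpeg job scores 2 and stays below the threshold, while the renamed miner scores on all three signals. The Stratum match is the strongest single signal because it is protocol behaviour the miner cannot avoid, whereas CPU load and install path are only corroboration.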
Where do you see the future of cybersecurity studies/education heading? What would be a more modern approach to leveling up cybersecurity skill sets?
John Morello, CTO
Cybersecurity education today typically teaches in isolation, as though it were a separate discipline from IT itself. It’s impossible to secure systems you don’t understand, and the focus on scan and attack tools and techniques as the center of many cyber education programs misses the market. In today’s digital world, to be an effective cyber practitioner, you must first be an effective IT practitioner and then layer security skills and analysis on top.
Further, you must have a core understanding of risk management concepts. Then, you can connect with business leaders who view cyber as a set of risks to be mitigated or accepted. It’s relatively easy to find someone who can port scan a network. However, finding someone who understands and interprets the results proves difficult. They also must articulate this information to an executive and help them understand their exposure and how to prioritize it.