Cloud security is the practice of protecting data and applications hosted in third-party services, from infrastructure platforms such as AWS and Azure to SaaS applications such as Salesforce and Microsoft 365. It has become a critical area of cyber defense as organizations accelerate digital transformation in an effort to fuel innovation, efficiency, and collaboration at scale. Yet cyber-criminals targeting data in the cloud are exploiting this widened attack surface to launch attacks that static security tools struggle to detect and contain. This has played out in several ways:
An immune system for cloud security
To complement static and siloed controls, organizations are turning toward self-learning cloud security for unified and bespoke protection across hybrid, multicloud, and containerized environments.
Autonomous Cyber AI:
- Detects malicious behavior across cloud workloads and accounts
- Manages complexity and unifies diversity across hybrid and multicloud
- Meaningfully reduces time to detection, containment, and triage
- Adapts ‘on the job’, and at the speed and scale of cloud deployments
Cloud security risks
Insider threat is a dangerous attack vector which has taken on a new dimension and agility via the cloud. These types of attacks originate from within the organization – through disgruntled, careless, or compromised employees, cloud consultants, and other business associates who abuse their access to internal systems.
Malicious insiders in particular have the advantage of familiarity with the systems they manipulate. By exfiltrating data slowly over days and weeks, staying below any fixed volume threshold, these actors are well positioned to compromise entire cloud environments while evading static controls that only alert on obvious spikes in activity.
The possibility of an external attacker using legitimate credentials has become a critical risk for organizations with little to no visibility in the cloud. By taking over an account and evading traditional security controls, these actors have the potential to jeopardize an entire organization’s cloud assets, especially as employees continue to re-use passwords across personal and professional accounts.
Beyond stealing or altering critical data, cyber-criminals can use system admin credentials to leverage the cloud’s computing power for their own nefarious purposes, spinning up cloud instances to launch extensive crypto-mining operations or Distributed Denial-of-Service (DDoS) attacks.
Beyond direct cyber-attacks, one of the most common threat vectors in the cloud continues to be critical misconfigurations. Human error can never be completely avoided, and misconfigurations are a natural consequence of the agility the cloud offers: rapid deployment and the instantiation of test containers and data sets at will lead users to move quickly at the expense of security.
Unsecured APIs have become one of the most impactful misconfigurations in the cloud: security misconfiguration is an entry in the OWASP Top 10 Application Security Risks, and OWASP publishes a separate API Security Top 10. An application's API is ultimately the interface to back-end data, so weaknesses such as missing authentication or authorization checks on an endpoint, or verbose error responses that leak details of the back end, are attractive targets for cyber-criminals with a range of motivations.
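The open storage bucket is the canonical cloud misconfiguration, and it is a mechanical one to check for. The following is an added example, not Darktrace's or AWS's code, that evaluates an S3 bucket policy document and reports statements that grant access to everyone. The three policies are constructed for illustration; the rule it applies is the one AWS's own public-access evaluation uses in outline: an Allow statement whose Principal is "*" (or {"AWS": "*"}) with no Condition makes the bucket public, the same grant behind a Condition deserves a human look, and Deny statements or named principals are fine.

```python
"""Check an S3 bucket policy for grants that make the bucket public.

Added example; not Darktrace's or AWS's code. The policies below are
constructed. The check ignores NotPrincipal/NotAction forms and account-level
Block Public Access settings, which can override a policy like WEAK_POLICY.
"""
import json

# Constructed: the classic open bucket, world-readable with no condition.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Constructed: same grant, scoped to one AWS Organization. Review it, but it is not public.
CONDITIONAL_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OrgRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
    }],
})

# Constructed: the hardened form. Read access goes to one named role, and the
# Principal "*" that remains is in a Deny that refuses plaintext HTTP to everyone.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-reader"},
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_ids(principal):
    """Flatten Principal ("*", {"AWS": "..."} or {"AWS": [...]}) to a list of strings."""
    if isinstance(principal, dict):
        ids = []
        for value in principal.values():
            ids.extend(_as_list(value))
        return ids
    return _as_list(principal)


def public_grants(policy_json):
    """Return (Sid, severity, actions) for each Allow statement granted to everyone.

    severity is "public" when no Condition narrows the grant, "conditional" otherwise.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny to "*" is a hardening pattern, not an exposure
        if "*" not in _principal_ids(stmt.get("Principal", {})):
            continue
        severity = "conditional" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", ""), severity, _as_list(stmt.get("Action", []))))
    return findings


def is_public(policy_json):
    """True when at least one unconditional grant to everyone exists."""
    return any(severity == "public" for _, severity, _ in public_grants(policy_json))


if __name__ == "__main__":
    for name, doc in [("weak", WEAK_POLICY), ("conditional", CONDITIONAL_POLICY), ("hardened", HARDENED_POLICY)]:
        print(name, public_grants(doc))
```

In practice the policy document is what `get-bucket-policy` returns, and the same walk applies to bucket ACLs and to other resource policies (SQS, SNS, KMS) whose Principal element has the same shape; a scan that feeds every bucket policy in an account through `public_grants` is a small CSPM check in its own right.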
Types of cloud security: Limitations of native and third-party tools
Against this backdrop of evolving threats, Cloud Service Providers (CSPs) and third-party vendors have developed a range of security tools to help defend the customer's portion of the Shared Responsibility Model, which outlines the respective security roles of CSPs and customers across the main cloud service models. While these solutions can provide some measure of protection, they are often ill-equipped to defend against advanced threats in the cloud.
CSP-native security controls
Apart from securing their own portion of the Shared Responsibility Model, most cloud providers offer native solutions to help customers implement basic cyber hygiene in the cloud. These can span from firewalls, two-factor authentication and IAM tools, through to log monitoring and threat intelligence integrations.
While these native controls are a good start and can contribute to an organization’s overall defense-in-depth strategy, they are often not sufficient in practice. As organizations continue to adopt cloud services from multiple providers, native controls cannot be relied upon to provide comprehensive and adaptive coverage, as they are often exclusively designed for the cloud environment of the specific provider.
Third-party cloud-specific tools
Third-party vendors have also begun to develop cloud-specific security solutions like Cloud Access Security Brokers (CASBs), Cloud Workload Protection Platforms (CWPPs), and Cloud Security Posture Management (CSPM) to fill in the gaps left by native controls.
While these capabilities have their place, they will often fail to catch novel and sophisticated attacks due to their backward-looking approach, which relies on knowledge of past threats to spot future ones.
Cloud security solutions
Powered by Autonomous Cyber AI, the Darktrace Immune System platform fills these gaps and protects the cloud using self-learning technology that understands ‘normal’ at every layer, dynamically analyzing the dispersed and unpredictable behaviors that show up in cloud and collaboration platforms, as well as email and the corporate network. This allows the system to identify subtle deviations indicative of a threat – from an unusual resource creation or open S3 bucket in AWS, to suspicious data movement in Salesforce, to a new inbox rule or strange login location in Microsoft 365.
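To make the idea of learning "normal" and flagging deviations concrete, here is an added example, not Darktrace's code, that applies the approach to cloud audit events. EVENTS is a constructed sample shaped like AWS CloudTrail records (eventTime, userIdentity, eventName, awsRegion, sourceIPAddress); the identities, addresses and timestamps are made up. A per-identity baseline is learned from events before CUTOFF, and later events are scored against it for two of the deviations named above: activity from a region the identity has never used (the strange login location), and a burst of RunInstances calls above that identity's own historical rate (the unusual resource creation that precedes crypto-mining).

```python
"""Baseline-and-deviation detection over cloud audit events.

Added example, not Darktrace's code. EVENTS is constructed data in the shape
of AWS CloudTrail records; the baseline window and the one-hour burst window
are assumptions chosen for the sample.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def ev(time, user, name, region, ip):
    """Build one minimal CloudTrail-shaped record (constructed data)."""
    return {"eventTime": time, "userIdentity": {"userName": user},
            "eventName": name, "awsRegion": region, "sourceIPAddress": ip}


EVENTS = [
    # Learning window: alice works from us-east-1 and launches about one instance a day.
    ev("2023-05-01T09:00:00Z", "alice", "ConsoleLogin", "us-east-1", "203.0.113.10"),
    ev("2023-05-01T09:05:00Z", "alice", "RunInstances", "us-east-1", "203.0.113.10"),
    ev("2023-05-02T09:01:00Z", "alice", "ConsoleLogin", "us-east-1", "203.0.113.10"),
    ev("2023-05-02T14:30:00Z", "alice", "DescribeInstances", "us-east-1", "203.0.113.10"),
    ev("2023-05-03T09:00:00Z", "alice", "ConsoleLogin", "us-east-1", "203.0.113.10"),
    ev("2023-05-03T09:20:00Z", "alice", "RunInstances", "us-east-1", "203.0.113.10"),
    ev("2023-05-01T10:00:00Z", "bob", "ConsoleLogin", "eu-west-1", "203.0.113.25"),
    ev("2023-05-02T10:00:00Z", "bob", "ConsoleLogin", "eu-west-1", "203.0.113.25"),
    # Detection window: alice's credentials used at 02:13 from a new region, then a launch burst.
    ev("2023-05-08T02:13:00Z", "alice", "ConsoleLogin", "ap-southeast-1", "198.51.100.7"),
    ev("2023-05-08T02:15:00Z", "alice", "RunInstances", "ap-southeast-1", "198.51.100.7"),
    ev("2023-05-08T02:16:00Z", "alice", "RunInstances", "ap-southeast-1", "198.51.100.7"),
    ev("2023-05-08T02:17:00Z", "alice", "RunInstances", "ap-southeast-1", "198.51.100.7"),
    ev("2023-05-08T02:18:00Z", "alice", "RunInstances", "ap-southeast-1", "198.51.100.7"),
    ev("2023-05-08T10:00:00Z", "bob", "ConsoleLogin", "eu-west-1", "203.0.113.25"),
]

CUTOFF = datetime(2023, 5, 7)  # assumption: everything before this is trusted history


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def count_in_window(times, end, width):
    """Number of timestamps in the half-open window (end - width, end]."""
    return sum(1 for t in times if end - width < t <= end)


def learn_baseline(events, until, window=timedelta(hours=1)):
    """Per identity: regions seen, and the peak RunInstances count in any one window."""
    regions = defaultdict(set)
    launches = defaultdict(list)
    for e in events:
        t = parse_time(e["eventTime"])
        if t >= until:
            continue
        user = e["userIdentity"]["userName"]
        regions[user].add(e["awsRegion"])
        if e["eventName"] == "RunInstances":
            launches[user].append(t)
    baseline = {}
    for user in regions:
        peak = max((count_in_window(launches[user], t, window) for t in launches[user]), default=0)
        baseline[user] = {"regions": regions[user], "peak_launches": peak}
    return baseline


def detect(events, baseline, since, window=timedelta(hours=1)):
    """Score events at or after `since`; each finding is (user, kind, detail, eventTime)."""
    findings = []
    seen_new_regions = set()
    recent_launches = defaultdict(list)
    for e in sorted(events, key=lambda r: r["eventTime"]):
        t = parse_time(e["eventTime"])
        if t < since:
            continue
        user = e["userIdentity"]["userName"]
        profile = baseline.get(user)
        if profile is None:
            findings.append((user, "unknown_identity", e["eventName"], e["eventTime"]))
            continue
        region = e["awsRegion"]
        if region not in profile["regions"] and (user, region) not in seen_new_regions:
            seen_new_regions.add((user, region))  # report each new region once, not per event
            findings.append((user, "new_region", region, e["eventTime"]))
        if e["eventName"] == "RunInstances":
            recent_launches[user].append(t)
            n = count_in_window(recent_launches[user], t, window)
            if n == profile["peak_launches"] + 1:  # fire once, at the moment the old peak is exceeded
                findings.append((user, "launch_burst", n, e["eventTime"]))
    return findings


if __name__ == "__main__":
    for finding in detect(EVENTS, learn_baseline(EVENTS, CUTOFF), CUTOFF):
        print(finding)
```

Two design points matter more than the thresholds. The baseline is per identity, so bob's eu-west-1 logins are normal for bob without making eu-west-1 normal for alice, and the burst rule compares against each identity's own peak rather than a fleet-wide number. A static rule of the kind the text criticises would need a fixed "more than N launches" value; here alice's second launch in an hour is already anomalous because she never did that before. A real deployment would keep the baseline rolling rather than frozen at a cutoff, and would add the source address and user agent as further dimensions.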