According to Gartner, the pandemic-induced surge in public cloud spend is predicted to run until 2024 (reference: ComputerWeekly). This increase is fueled by organizations wanting to conserve cash, optimize IT costs, support and secure a remote workforce, and ensure resiliency. An increased cloud footprint translates to an increased attack surface for most organizations. Cyber attacks on cloud services have increased 630% since January 2020, as per the McAfee Cloud Adoption and Risk Report. Securing the public cloud is a shared responsibility between the public cloud provider and their customer. This turns out to be a productivity drain, since traditional cybersecurity solutions increase the burden for customers. These solutions also do not take a comprehensive approach to cloud security.
Let us take a look at what makes securing public cloud so challenging:
- Traditional vulnerability management solutions require customers to install agents / sensors across their fleet of cloud instances. This approach simply does not scale well given the elasticity and scale of the cloud environment.
- The ephemeral nature of cloud instances means there is no easy way to delete older, stale systems.
- Comprehensive cloud security requires vulnerability assessment of cloud and container instances, container registries, and security posture management of the cloud (CSPM). Unfortunately, you end up having to deploy different solutions for each of these. While the risk from misconfigurations is often overlooked, it is important to note that Trend Micro indicates that around 230 million cloud misconfigurations occur every day.
- Most solutions require that you share cloud credentials or OS credentials (SSH private keys or Windows credentials) for cyber security assessments. This is not secure since a potential compromise of your cloud security provider puts you directly at risk.
- Most organizations have adopted multiple clouds (AWS / Azure / GCP) and security teams fail to get a complete picture across different cloud providers.
Now let us take a view of the simplified approach to cloud security using ThreatWatch:
- No agents / sensors that need to be deployed – This is certainly a welcome change given the complexities involved in deploying agents / sensors across your fleet of cloud instances. If you are wondering how it works without agents / sensors, ThreatWatch leverages native inventory provided by the cloud provider. Most large public cloud providers (AWS, Azure, GCP) do an excellent job at compiling inventory and ThreatWatch can ingest this inventory for vulnerability assessments.
- Given that ThreatWatch works on the native inventory from the cloud provider, there is no need for any vulnerability scans in your cloud environment. Virtual vulnerability assessment happens in your ThreatWatch subscription and it is “always on”, i.e. you get notified the moment a new vulnerability impacts any of your cloud instances, without any scans.
With the simplified approach, there is no need for you to share sensitive details like cloud credentials or OS credentials with the ThreatWatch cloud service, since there are no agents or sensors in the first place. To address the ephemeral nature of cloud instances, you can also set up a policy in ThreatWatch to automatically purge stale assets after a specified duration.
This simplified approach may sound too good to be true, but it is TRUE. And it brings the following benefits for you:
- Increased productivity as there are no agents / sensors to deploy and manage.
- Increased security since you don’t need to share cloud / OS credentials with ThreatWatch service.
- Higher efficiency as there are no vulnerability scans happening in your cloud.
- More effective – ThreatWatch Attenu8 AI/ML platform provides early warning with automatic prioritization of vulnerabilities.
- Comprehensive coverage – ThreatWatch provides complete coverage for cloud instances, container instances, container registries, cloud security posture management and more. This includes code level security for your server-less code/functions as well.
ThreatWatch offers agent-less, scan-less, credential-less continuous and comprehensive security for your cloud.
Are you interested in simplifying your approach to cloud security? If yes, then write to us to learn more.