Lag between detection and investigation of cloud attacks harms businesses
New research carried out by ESG for digital forensics platform Cado Security finds that 89 percent of companies have experienced a negative outcome in the time between detection and investigation of a cyber-attack on their cloud environments.
When asked about the challenges involved in dealing with incidents, 74 percent of security professionals say their organizations need additional data and context to conduct forensics investigations in cloud environments.
In addition, 64 percent say it takes too much time to collect and process data to perform a timely investigation, while a worrying 35 percent of cloud security alerts are not investigated at all.
"The rapid move to the cloud is clearly outpacing security teams' ability to adapt their capabilities to respond to attacks within cloud-native environments," says Doug Cahill, vice president and senior analyst at ESG. "In particular, this research reveals that digital forensics capabilities in cloud environments are more nascent, and investigations are more difficult compared to traditional environments. Because of this challenge, 85 percent of organizations we surveyed plan to increase spending on cloud-native digital forensics solutions over the next 12 months."
Use of containers is further complicating things. The study shows 91 percent of organizations currently use or plan to use containers for production applications in the next 12 months, but 50 percent believe postmortem analysis of container-based incidents is impossible. These resources spin up and down continuously, so if malicious activity occurs between the time one is spun up and the time it is spun down, that data is lost forever.
When asked what was needed to improve their digital forensics, 65 percent of respondents cite the need to develop cloud skills within security operations teams, while 60 percent name the need to develop a better understanding of the threats targeting cloud environments.
"Detection platforms help ensure security teams are quickly alerted of malicious activity in the cloud, but when it comes to incident response, this is only the tip of the iceberg," says James Campbell, CEO and co-founder of Cado Security. "This research provides clear evidence of a huge gap in the market, as 79 percent of organizations recognize the need for cloud-specific digital forensics controls, yet they rely on legacy forensic tools not optimized for the cloud. This is driving strong demand for our Cado Response platform."
You can read more on the Cado blog.