How organizations can get a handle on cloud security [Q&A]
As cloud-based enterprises continue to grow, the security threats in the cloud grow with them. Organizations operate in complex, multilayered environments that leave security teams scrambling to protect all of their organization's assets and resources. In fact, they may not even be aware of all of them.
What are the biggest risks they face today? And how can organizations mitigate their vulnerabilities?
We spoke with Gil Geron, CEO and co-founder of Orca Security, which has pioneered agentless cloud security, about the most common pain points, the advantages of an agentless approach, and how AI is proving to be a game changer.
BN: What are the main pain points organizations face in cloud security today?
GG: The biggest pain points that we hear about the most are security teams dealing with understaffing and burnout, lack of central visibility, and an overwhelming alert fatigue due to inadequate risk prioritization. Our alert fatigue survey found that the majority of security engineers receive 500+ cloud security alerts each day from multiple point solutions that don't talk to each other. It's taking a large part of their day just reviewing them all and deciding which ones need to be dealt with first. And this is before they can even start to think about remediation. In addition, with agent-based cloud security solutions, organizations face serious blind spots for at least 30 percent of assets because they don’t have an agent installed.
To relieve the burden on these security teams and help them be more productive with their time, a centralized cloud security platform with full visibility is needed that can accurately prioritize alerts by looking at context and the potential attack paths of each risk. This significantly reduces the number of alerts that need to be reviewed each day, allowing teams to start remediating the critical ones much faster. In addition, leveraging AI to simplify and accelerate cloud risk detection, investigation, and remediation is another important way to relieve daily workloads and significantly improve cloud security postures.
BN: In what ways is an agentless cloud security solution different from traditional security approaches used by enterprises?
GG: In environments where workloads are constantly changing, such as in the cloud, agentless solutions are far more effective than those that rely on agents being installed on each asset before they’re able to provide any visibility.
Agent-based security, which deploys agents to each endpoint, is the traditional way, but it works best with simple workloads in systems that use standard configurations and operating systems. It's a straightforward approach, but it's tedious to deploy, consumes resources and inevitably comes with coverage gaps that produce dangerous blind spots.
Agentless cloud security, on the other hand, provides 100 percent coverage by conducting external scans on cloud infrastructure and parsing configuration data, without requiring any deployment on workloads. It's fast and easy to deploy, and scans all cloud workloads -- including those the IT teams didn't know about. Compared to more traditional solutions, agentless cloud security is faster, simpler, more complete, and comes with much lower TCO.
BN: Can you share any insights into what attracts potential attackers, and how they operate?
GG: Bad actors, like most people, don't want to work harder than they have to. They're attracted to resources that are easy to discover. For instance, they can easily find public repositories and new commits in GitHub. Additionally, they can find assets exposed via a Transmission Control Protocol (TCP) port by using a resource like Shodan.
Orca's research found that as a result of this, GitHub vulnerabilities were discovered in two minutes and compromised almost instantly. Hypertext Transfer Protocol (HTTP) and Secure Shell (SSH) vulnerabilities were close behind. In comparison, S3 Buckets took an hour to discover, on average, and eight hours to compromise, which is still surprisingly fast. Elastic Container Registry (ECR) vulnerabilities were compromised after four months.
Attackers also focus on how often a resource is used, and how likely it is to contain secrets. In conclusion, the more popular the resource, the easier it is to access, and the more likely it is to contain sensitive information, the more attackers are inclined to do reconnaissance.
BN: What are some of the key security basics that can make the biggest impact in improving cloud security posture?
GG: Following these three key security basics will have the biggest impact on cloud security posture:
- Enforce least privilege: Since credential compromise is a leading attack vector, it is vital to ensure that users only have the privileges they require. In that way, even if an attacker is able to breach the environment, they’ll be limited in what they can do.
- Continuously deploy patches: Most attack paths start with CVEs. Attackers know this and are always searching for known vulnerabilities. Though it may not be practical to patch every vulnerability, prioritizing known vulnerabilities and those that expose your most critical business assets is critical.
- Leverage checklists and Center for Internet Security (CIS) benchmarks: Checklists can cut down on human error when creating and configuring cloud assets. Additionally, CIS benchmarks offer best practices that organizations should implement.
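As an added illustration of the "enforce least privilege" basic (example code written for this article, not Orca's tooling), the following check scans AWS-style IAM policy documents for Allow statements that grant wildcard actions or resources, or that use NotAction (which allows everything except the listed actions). The two policies are constructed samples; the bucket name is a placeholder.

```python
import json

def _as_list(value):
    """IAM accepts either a string or a list in Action/Resource fields."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def find_overprivileged(policy_json: str) -> list:
    """Return (statement_index, reasons) for each risky Allow statement."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):       # single-statement shorthand
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        reasons = []
        actions = _as_list(stmt.get("Action"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            reasons.append("wildcard action")
        if "NotAction" in stmt:
            # Allow + NotAction grants every action except those listed.
            reasons.append("NotAction allow-list")
        if any(r == "*" for r in _as_list(stmt.get("Resource"))):
            reasons.append("wildcard resource")
        if reasons:
            findings.append((idx, reasons))
    return findings

# Constructed sample: an over-privileged policy that allows everything.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

# Constructed sample: the same workload scoped to the access it needs.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-app-bucket",
                     "arn:aws:s3:::example-app-bucket/*"],
    }],
})

if __name__ == "__main__":
    print(find_overprivileged(BROAD_POLICY))   # flags statement 0
    print(find_overprivileged(SCOPED_POLICY))  # []
```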
In addition, it's essential to continuously scan your entire cloud environment for risks. To do this effectively, organizations need a centralized platform that offers visibility across cloud accounts and workloads and automatically prioritizes risks, to avoid the alert fatigue that plagues security teams. A focus on the most critical risks is fundamental to achieving effective cloud security.
BN: What innovations are coming to support the industry's evolving cloud security needs? Is artificial intelligence playing a growing role in your platform’s advancement?
GG: We're always looking to push the envelope in cloud security, to improve our platform through innovation and solve real-world problems for customers.
We built the industry's first agentless cloud security platform to eliminate lengthy and labor-intensive deployments and received a patent for our agentless SideScanning technology, which enables complete scans for cloud risks in minutes, without the hindrances you get with agent-based solutions.
Now, we are very focused on leveraging generative AI, including ChatGPT, Azure OpenAI, and other major cloud security provider AI models to simplify cloud security and reduce the time needed to identify and mitigate risks. From generating remediation instructions and providing optimal IAM policies, to enabling plain language searches across the entire cloud environment, our AI innovations are helping decrease daily workloads and accelerate cloud security.