The Cat-and-Mouse Game of Cloud Security
Coined in 1675, the phrase “cat-and-mouse game” has existed for over 300 years, and this timeless saying applies swimmingly to today’s cloud security landscape. Each iteration of innovation on the “evil doer” side serves as impetus for the “good guys” to develop a solution, and this volley is continuous. At Cloud Expo this week, I had the opportunity to sit down with Alert Logic’s Chief Security Evangelist Stephen Coty to discuss a subject he is quite passionate about: security.
Alert Logic is a firm on the rise; it recently opened a new office in Belfast, is experiencing rising revenue and is expanding its partner ecosystem.
Annually, Coty sees over a million incidents. This year, as he began reviewing his data for an upcoming security report, the immediate results showed that on-premises attacks are done with a lot more brute force than in the past. And, when looking at the cloud, there is a growing number of web applications to perform these nefarious acts.
The key, in Coty’s eyes, is twofold: solid threat intelligence and research, which result in improved awareness and notifications. For example, Coty highlighted a recent scenario in which a client fell victim to an attack, but within seven minutes the Alert Logic team was able to identify and take action, and within 10 minutes the client was notified, resulting in a collaborative effort to ensure the company’s infrastructure was secure. Coty explained that “by breaking out the indicators of compromise, you find different points of detection of a certain attack,” and in this instance it saved the client invaluable time and money.
Coty is optimistic, noting, “We’re getting ahead of the ransomware piece.” But the threat is more real than ever; he stated that we are still seeing cross-site scripting and advanced attacks. Some tactics, like SQL injection, have been in the hacker toolbox for nearly 20 years.
While he is optimistic about the ransomware component, Coty stated, “The tricky ones will be the ransomware as a service.” Scared yet? This is exactly as it sounds: basically turnkey hacking. This is big money, and it actually mirrors the upstanding tech world by offering clients SLAs, including points of note like continuous modifications to ensure the attackers remain successful in their endeavors and out of handcuffs.
Coty illustrated this cat-and-mouse game with CryptoWall. It came out, a researcher reverse engineered it, and then there was the next version. The back and forth is a constant, making the intelligence and research component mission critical to maintaining a secure network.
Alert Logic exists on the forefront of this ping pong game, and recently released its Cloud Insight vulnerability management solution. Combined with Alert Logic’s Cloud Defender, Cloud Insight was built on AWS for AWS. It provides a complete interface with user-friendly green-yellow-red indicators to illustrate where the network is vulnerable. Cloud Insight lays everything out there in an easily digestible format.
Creating an environment to minimize risk and promote security starts with understanding. While the notion of shared responsibility sounds great in practice, a lack of education keeps this “team” approach from achieving its intended goal. With an appropriate strategy in place, successful attacks and the negative consequences are preventable. “Fire an IT guy on Friday, but forget to remove their cloud access,” and the results can be devastating, explained Coty. An appropriate strategy prevents this type of scenario.
Don’t allow a false sense of security to creep in; long-term monitoring is a necessity, not a nicety. With Alert Logic, for instance, after a few hours (not days) the team is monitoring a client’s network 24/7. With nearly a third of its team made up of security analysts, “people can sleep well at night knowing that someone is watching their data,” Coty noted.
So the next time you say goodnight John Boy, you can do so with peace of mind.
Edited by Stefania Viscusi