How to manage cloud exploitation at the edge – CIO

Small- and medium-sized businesses and enterprises have accelerated their move into the cloud since the global pandemic. The Infrastructure-as-a-Service (IaaS) cloud computing model enables remote working, supports digital transformation, provides scale, increases resilience, and can reduce costs. However, this shift requires a thorough understanding of the security implications and how a business can protect its data and applications.

As with all technology introductions, it's important to have clear security policies, tools, processes, and training. Cloud infrastructure is especially sensitive, as many critical applications are at risk, such as customer-facing applications. Companies that have embraced the cloud need to understand the Shared Responsibility Model: a security and compliance framework that explains what shared infrastructure and systems the cloud provider is responsible for maintaining and how a customer is responsible for operating systems, data, and applications utilizing the cloud. Unless the model is understood and followed, data, applications, and cloud workloads could be exposed to security vulnerabilities.

Good Dog Communications, in partnership with Verizon and Edgio, recently hosted a webinar, The Rise of Cloud Exploitation, that spoke directly to cyberthreats targeting web apps and security best practices.

How is the cloud being attacked and why?

Cloud exploitation involves targeting vulnerabilities in cloud infrastructure, applications, or services to gain unauthorized access, disrupt operations, steal data, or carry out other malicious activities. A cloud exploitation playbook could include attack vectors like distributed denial-of-service (DDoS) attacks, web application attacks, and bots, with the number one attack target being web applications. According to the 2023 Verizon Data Breach Investigations Report (DBIR), the majority of cyber attacks are led by organized criminals looking to disrupt business and steal data to sell. The number one reason (95%) for cyber attacks is financial gain, with 24% of all cyber attacks involving ransomware.

Common cloud exploitation outcomes

What can businesses do? Respond to threats with speed

Threat detection and mitigation speed are important for three key reasons. First, adversaries are adept at learning from open-source intelligence to develop new tactics, techniques, and procedures (TTPs), making rapid security response imperative. Second, cyber criminals are well-organized and act fast. Verizon's 2023 DBIR noted that more than 32% of all Log4j scanning activity over the course of the year happened within 30 days of its release (with the biggest spike of activity occurring within 17 days). And, finally, the importance of speed is clearly illustrated by the fact that companies that contain a security breach in less than 30 days can save $1M or more.

To reduce the risk of cloud exploitation, it is crucial that businesses implement strong security measures, such as robust access controls, encryption, regular security assessments, and monitoring of cloud environments. Implementing Web Application and API Protection (WAAP) at the edge is critical to identifying and mitigating a variety of threats such as DDoS attacks, API abuse, and malicious bots. Modern-day WAAPs utilize machine learning and behavioral and signature fingerprinting for early threat detection. Further, companies using AI and automation see breaches that are 74 days shorter and save $3 million more than those without.

A WAAP rapid threat detection and mitigation solution is an invaluable tool for DevSecOps teams to implement an optimized Observe-Orient-Decide-Act (OODA) loop to improve:

The latest innovation is a Dual WAAP capability that enables DevSecOps teams to test new rules in audit mode against production traffic to verify their effectiveness while lowering the risk of blocking legitimate site traffic. This increased confidence, plus the ability to integrate with existing CI/CD workflows, allows teams to push effective virtual patches out faster, closing the door on attackers more quickly than ever before. Additionally, with Dual WAAP, there is no WAAP downtime while updating rulesets, with new rules deployed across the global network sometimes in under 60 seconds.

The hidden threat: open-source code

The Verizon DBIR noted that exploited web application vulnerabilities account for 5% of breaches. These web application vulnerabilities can stem from codebases that use open-source code. In the Verizon webinar, The Rise of Cloud Exploitation, Edgio's Richard Yew, Senior Director, Product Management Security, highlighted findings from the 2023 Synopsys report that showed the extent of open-source code and how much risk exists in legacy applications. Here are some shocking findings:

To close

Cloud Infrastructure-as-a-Service has brought extreme agility to organizations. However, cloud exploitation is on the rise and it is clear from the Shared Responsibility Model that companies are partners in ensuring a secure enterprise. Cloud service providers play a crucial role in securing the cloud infrastructure, but companies must apply solutions to enhance security and protect against exploitation of operating systems, applications, endpoints, and data.

A powerful choice in the cyberthreat fight is a WAAP solution. It offers rapid threat detection and mitigation and is an invaluable tool for DevSecOps teams to implement an optimized Observe-Orient-Decide-Act (OODA) loop to improve both mean time to detect (MTTD) and mean time to respond (MTTR) as new threats arise.

Edgio is a global edge platform with 300+ Points of Presence and 250+ Tbps of capacity that helps companies build, secure, and deliver amazing app experiences. Its WAAP security platform enables organizations to implement effective security into modern web applications, innovate faster and mitigate risks with its unified, multi-layer approach. Talk to an expert to protect your cloud applications today.
