On May 17, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory (AA22-137A) regarding an ongoing trend of malicious exploits of security misconfigurations. The advisory identifies the most commonly observed exploited controls and practices and makes recommendations for best practices to mitigate the threats discussed. According to CISA, the current most widely used initial access techniques are exploits of:
- Public-Facing Applications
- External Remote Services
- Trusted Relationships
- Valid Accounts
As 79% of organizations have reported at least one cloud breach in the last 18 months – with 43% of those reporting 10 or more – the popularity of these exploit techniques likely comes as no surprise to cloud engineers and security teams working in multi-tenant cloud environments. By the end of 2021, 67% of enterprise IT infrastructure had migrated to the cloud, 81% of which now runs in multi-cloud environments.
Expanded Security Responsibilities in the Cloud
As cloud engineers know, current exploit trends track with the proliferation of misconfigurations. DevOps and SecOps battle along a dichotomy of faster release cycles and maintaining security integrity. At a minimum, this multi-directional tug-o-war for attention involves:
- Pressure to keep the CI/CD pipeline moving without allowing undetected open-source vulnerabilities through
- Fine-tuning cloud (and multi-cloud) architecture and configurations
- Orchestrating micro-service architecture through ever-changing container configurations and deployments
- Monitoring for known vulnerabilities and ensuring security best practices and policies are met
These disparate spheres of critical responsibility combine to create scenarios that exceed the capacity of even the most experienced and sophisticated engineers and operations teams. Reminiscent of Captain Picard of Star Trek’s famous bon mot – It has become possible to commit no mistakes and still lose. It’s no wonder that according to a survey conducted by Fugue of Cloud Professionals, 84% admitted to being concerned they have already suffered a major cloud breach that they have yet to discover.
Confident Runtime Security with Spyderbat on Your Shoulder
So what can be done? While it is important to take preventative security measures that detect vulnerabilities and enforce security policies, to maintain the pace of development and keep security postures at a 360-vantage point, teams need a second line of defense that covers the whole of their runtime attack surface in real-time. While drawing attention to a holistically new iteration of challenges, CISA’s recent advisory only prescribes more of the insufficient same for network defense best practices, telling organizations to “establish centralized log management,” configure alerts, and customize data retention periods. Organizations have put in so much effort to automate a continuous development pipeline, it’s time to automate intrusion detection and resolution in runtime environments.
Organizations need to balance their approach from trying to mitigate all possible threats in advance with live, runtime security. Spyderbat forms a global line of defense behind your teams, extending the reach of their existing capabilities to act with a swiftness and confidence that centralized log management simply cannot provide. A key difference between log management and Spyderbat is its universal trace across all network and system activity. With this trace, Spyderbat thrives in live Cloud environments, enabling defenders to catch successful exploits in real-time and definitively identify the root cause for quick and thorough mitigation.
Experience Enhanced Security Confidence on Release Day with Spyderbat
With Spyderbat, better security doesn’t have to be a zero-sum game with the pace of development.
To book a live demo and experience the satisfaction of crushing threat actors in real-time, contact Spyderbat today.