Users of cloud computing resources tend to make the same mistakes over and over again, with the vast majority of alerts seen by security teams (about 80%) triggered by a tiny 5% of security rules, according to a report compiled by the Unit 42 research team at Palo Alto Networks.
In its Cloud Threat Report, Navigating the Growing Attack Surface, the seventh in an ongoing series, Unit 42 analysed workloads drawn from 210,000 cloud accounts across 1,200 different organizations and investigated a number of real-world security incidents originating in cloud environments.
They found repeatedly that almost every organization had a small set of risky behaviors that were often seen in their cloud workloads. The most regularly observed of these were unrestricted firewall policies, exposed databases and unenforced multifactor authentication (MFA) policies – 76% of organizations do not enforce MFA for console users, the report said.
“All of [these] are potentially generated by a number of different engineers and IaC [infrastructure-as-code] templates,” wrote lead researcher Jay Chen and his team. “These issues vary from organization to organization, but the takeaway is the same for all of them — a small number of repeatable issues drive the largest percentage of problems.”
The team also found that it takes an average of 145 hours – about six days – to respond to a security alert, and 60% of organizations take more than four days to resolve a security alert. By prioritizing treatment of these three issues, security teams can not only help their organizations maximize the return on their security investment, but potentially eliminate many of their day-to-day headaches in one fell swoop.
“After two decades of rapid cloud adoption by organizations, 2023 can be considered a turning point for cloud security. The rate of cloud migration shows no signs of slowing down – from $370bn [£297.6bn] in 2021, with a forecast to reach $830bn [£667.6bn] in 2025 – and many cloud-native applications and architectures have already had time to mature,” said Ankur Shah, senior vice president of Prisma Cloud at Palo Alto Networks.
“The dynamic nature of cloud technology – with feature updates in public cloud services, new attack methods and widespread use of open-source code – is now driving an awareness of the inherent risks of modern, cloud-native development. As more organizations adopt cloud-native technologies, the number of cloud-native applications grows. The popularity and complexity of the technology then expands the attack surface with vulnerabilities and misconfigurations for cybercriminals to exploit,” he said.
While user-generated issues, including insecure configurations, remain the primary concern when it comes to cloud security, the Unit 42 team has also highlighted issues that arise from ready-to-use templates and default configurations offered by cloud service providers (CSPs).
He added that while these default options may seem convenient enough, they do not necessarily “position users in the most secure initial state”.
The latest version of the Cloud Threat Report highlights the use of open source software and components as one of the driving forces behind the cloud revolution, and describes how this trend has increased risk by introducing greater complexity, deprecated or abandoned software, malicious content and slower patching cycles, all of which increase the pressure on organizational security.
Increasing attack surface
As the title of the report suggests, Unit 42 said organizations should expect the attack surface of cloud-native applications to continue to evolve, and that threat actors are getting “increasingly creative” in finding ways to target them.
As such, the report also includes a number of practical suggestions, such as implementing MFA policies and enabling features such as automated alert triage and remediation, control plane audit logs, automated backups, and data-at-rest encryption.
Security teams should also consider budgeting for software composition analysis (SCA) tools during the development process and data loss prevention (DLP) solutions, and, of course, should take care not to expose databases or services such as Remote Desktop Protocol (RDP) or SSH to the public internet.
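The three recurring misconfigurations the report singles out (unrestricted firewall policies, exposed databases, and console users without MFA) and the recommendations above (enforce MFA, encrypt data at rest, keep RDP/SSH and databases off the public internet) are the kind of checks a posture tool runs continuously. The following is an added example, not code from the report or from Palo Alto Networks: a small checker over a constructed asset inventory, with a helper that measures how concentrated the findings are across rules, which is the "few rules produce most alerts" effect the report describes. The inventory schema, rule names and port lists are assumptions made for this example.

```python
"""Added example: minimal cloud-posture checks for the recurring misconfigurations
the report names. Inventory format and rule names are constructed for illustration."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed inventory resembling a normalised export of one cloud account.
INVENTORY = {
    "security_groups": [
        {"id": "sg-web", "ingress": [{"cidr": "0.0.0.0/0", "port": 443}]},
        {"id": "sg-bastion", "ingress": [{"cidr": "0.0.0.0/0", "port": 22}]},
        {"id": "sg-db", "ingress": [{"cidr": "10.0.0.0/8", "port": 5432}]},
        {"id": "sg-legacy", "ingress": [{"cidr": "::/0", "port": 3389},
                                        {"cidr": "0.0.0.0/0", "port": 3306}]},
    ],
    "console_users": [
        {"name": "alice", "mfa_enabled": True},
        {"name": "bob", "mfa_enabled": False},
        {"name": "svc-deploy", "mfa_enabled": False},
    ],
    "volumes": [
        {"id": "vol-1", "encrypted": True},
        {"id": "vol-2", "encrypted": False},
    ],
}

# Ports that should never be reachable from the whole internet (assumed lists).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
DB_PORTS = {1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL",
            6379: "Redis", 27017: "MongoDB"}


@dataclass(frozen=True)
class Finding:
    rule: str       # which check fired
    resource: str   # the offending resource
    detail: str     # human-readable context


def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. a rule that admits any source address."""
    return ip_network(cidr, strict=False).prefixlen == 0


def check_firewall(groups) -> list:
    """Flag admin and database ports that are open to the whole internet."""
    findings = []
    for sg in groups:
        for rule in sg["ingress"]:
            if not is_world_open(rule["cidr"]):
                continue
            port = rule["port"]
            if port in ADMIN_PORTS:
                findings.append(Finding("admin-port-open-to-internet", sg["id"],
                                        f"{ADMIN_PORTS[port]} ({port}) from {rule['cidr']}"))
            elif port in DB_PORTS:
                findings.append(Finding("database-exposed-to-internet", sg["id"],
                                        f"{DB_PORTS[port]} ({port}) from {rule['cidr']}"))
    return findings


def check_mfa(users) -> list:
    """Flag console users for whom MFA is not enforced."""
    return [Finding("console-user-without-mfa", u["name"], "MFA not enforced")
            for u in users if not u["mfa_enabled"]]


def check_encryption(volumes) -> list:
    """Flag storage volumes that are not encrypted at rest."""
    return [Finding("volume-not-encrypted-at-rest", v["id"], "encryption disabled")
            for v in volumes if not v["encrypted"]]


def run_checks(inventory) -> list:
    return (check_firewall(inventory["security_groups"])
            + check_mfa(inventory["console_users"])
            + check_encryption(inventory["volumes"]))


def rule_concentration(findings, top_n: int = 1) -> float:
    """Share of all findings produced by the top_n noisiest rules.
    A high value for a small top_n is the pattern the report describes:
    fix those few rules first and most of the alert volume disappears."""
    if not findings:
        return 0.0
    counts = Counter(f.rule for f in findings)
    top = sum(c for _, c in counts.most_common(top_n))
    return top / len(findings)


if __name__ == "__main__":
    results = run_checks(INVENTORY)
    for f in results:
        print(f"{f.rule:32} {f.resource:12} {f.detail}")
    print(f"top 2 rules account for {rule_concentration(results, 2):.0%} of findings")
```

Note that the open HTTPS rule on sg-web is deliberately not flagged: the point is to alert on the handful of rule types that recur across accounts, not on every world-reachable port, which is what keeps the alert stream actionable.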
“The bottom line of our findings is simple: Your organization may not be as secure as you think. To stay ahead of adversaries, you need to be vigilant, proactive and innovative,” wrote Chen and his team.
This news is auto-generated through an RSS feed; we have no control over it. News sources: multiple agencies, including hindustantimes, techrepublic and computerweekly.