The cloud introduces new security challenges, which differ from classic ones by diversity and scale. Once a Virtual Machine (VM) is up and running with an open internet port, it is almost instantaneously subject to vulnerability scanning and Brute Force (BF) attacks. These attacks are usually not directed at a specific organization’s environment. Instead, they cover a broad range of environments, hoping to infiltrate even a small fraction of them, to be used for their computational power or as part of a botnet.
The agile nature of the cloud allows organizations to build elaborate and highly customized environments. These environments constantly change, as customers utilize the cloud’s ability to adapt to variations in computational or network communication demands. Although this agility is one of the cloud’s top offerings, it also makes it harder to apply and maintain security best practices. As your environment changes, the security measurements needed to protect it might change as well. Moreover, while security experts can manually analyze common environment scenarios and offer security recommendations, the huge diversity in the cloud renders these recommendations useless for many organizations, which requires more tailor-suited solutions.
Proper security recommendations have the potential to make a huge impact on an organization’s security. They can minimize attack surface, essentially blocking attacks before they occur.
On the other hand, the cloud provides unique opportunities, which are impossible or impractical for most organizations on their own. The broad visibility and the diversity of environments allow statistical models to detect abnormal activities across the cloud. Organizations can anonymously share their security-related data with trusted 3rd parties such as Azure Security Center (ASC), which can leverage this data to provide better detection and security recommendations for all organizations. Essentially, the cloud allows organizations to combine their knowledge in a way, which is much larger than the sum of its parts.
Leveraging these cloud-unique opportunities gives birth to a whole new world of customized security recommendations. Instead of a single one-fits-all best practice, the cloud allows customized best practices to be generated and updated constantly, as a cloud environment is built and evolved. Imagine an agent, which detects a security risk associated with a machine placed under the wrong subnet, or an automatically updating firewall.
This post is authored by Michael Bargury, Data Scientist, C+E Security