Page 67 - Cyber Defense eMagazine June 2020 Edition

            a single opcode on the customer environment and without sending a single packet—all while
            guaranteeing 100% coverage.

            ●  Prioritize alerts based on all available data, while presenting a manageable number of alerts.
               It makes no sense to 1) have a vulnerability management agent notify about 1,000 workloads at risk
               due to vulnerabilities, then 2) have to go to a CSPM to assess whether there is a real attack vector
               involved, followed by 3) having to install another distinct agent-based antivirus solution to detect
               existing compromises. That approach doesn’t work. The ideal solution must deliver the functionality
               of multiple tools out of the box and provide context-based actionable alerts—not “security concerns
               by the kilo.”



            A Breakthrough Technique for Deeper Cloud Inspection Across 100% of AWS, Azure, and GCP Assets

            Any solution with these characteristics must leverage the cloud computing paradigm and abandon
            the biases of the physical computing world. This can be achieved by embracing virtualization, rather
            than devices, as the premise of inspection.

            Today’s cloud datacenter separates storage devices and compute devices, connecting them via high-
            speed fiber optics. This enables a unique approach to deep cloud asset inspection. Through the proper
            configuration of privileges and roles, it’s possible to take a “snapshot” of an organization’s bits and bytes
            of block storage, rebuild a read-only image of the full environment on the side (i.e., out of band), then
            scan through the resulting image to look for risks and vulnerabilities.

            This approach can see everything without the hassle of installing agents. It can scan the cloud
            configuration, network layout, and security configuration while reading into virtual machines' disks,
            databases, and datastores, as well as logs for all of the cloud assets. It can analyze the data, build a
            full-stack inventory, and assess the security state of every discovered asset throughout the stack. All
            this, without impacting performance or availability.

            Here is the real value of this approach: all of this information can be combined with contextual
            information from the cloud infrastructure to gain a context-aware view of the findings—the true level of
            risk. Context is important because it helps alleviate alert fatigue for the security team. Actionable
            findings can be immediately prioritized and assigned to security engineers or DevOps developers for
            mitigation or follow-up.


            Upon completion of data analysis and reporting, the snapshot can simply be deleted without a trace.
            There is nothing to maintain or deprovision.
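            The snapshot-and-scan lifecycle described above, as an added example that is not code from the article
            or from any vendor: it is written against an injected EC2-style client (the method names match boto3's,
            so `boto3.client("ec2")` can be passed in real use), while `FakeEc2`, the IDs, the scanner instance and
            the mount path are constructed so the flow runs offline. The role used for this needs only snapshot and
            volume rights on the account being inspected, never login access to the workloads themselves.

```python
# Added example: out-of-band disk inspection lifecycle
# snapshot -> scratch volume on scanner host -> read-only mount -> delete both copies.
from contextlib import contextmanager

@contextmanager
def out_of_band_disk(ec2, volume_id, scanner_instance, az, device="/dev/sdf"):
    """Snapshot a production volume, rebuild it as a scratch volume attached to
    the scanner host, yield it for inspection, then delete both side copies."""
    snap = ec2.create_snapshot(VolumeId=volume_id,
                               Description=f"oob-scan {volume_id}")["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[snap])
    vol = ec2.create_volume(SnapshotId=snap, AvailabilityZone=az)["VolumeId"]
    ec2.get_waiter("volume_available").wait(VolumeIds=[vol])
    ec2.attach_volume(VolumeId=vol, InstanceId=scanner_instance, Device=device)
    try:
        yield vol, device
    finally:
        # Runs even if the scan raises: the snapshot and scratch volume are
        # removed so nothing is left to maintain or deprovision.
        ec2.detach_volume(VolumeId=vol)
        ec2.get_waiter("volume_available").wait(VolumeIds=[vol])
        ec2.delete_volume(VolumeId=vol)
        ec2.delete_snapshot(SnapshotId=snap)

def read_only_mount_cmd(device, mountpoint="/mnt/oob", fs="ext4"):
    """Mount options for a foreign disk image: read-only, skip journal replay
    (which would otherwise write to the copy), and never honour executables,
    device nodes or setuid bits from the untrusted image."""
    no_replay = "norecovery" if fs == "xfs" else "noload"   # ext2/3/4: noload
    opts = f"ro,{no_replay},noexec,nodev,nosuid"
    return ["mount", "-t", fs, "-o", opts, device, mountpoint]

class FakeEc2:
    """Constructed stand-in for boto3's EC2 client: records calls in order."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, name):           # any EC2 API call not defined below
        def call(**kw):
            self.calls.append(name)
            return {"SnapshotId": "snap-0c0ffee", "VolumeId": "vol-0beef"}
        return call

    def get_waiter(self, name):
        return self                        # .wait() is a no-op for the fake

    def wait(self, **kw):
        pass
```

            The `finally` block is the part worth copying: a scan that crashes half-way must still leave no snapshot or
            volume behind, otherwise "deleted without a trace" silently becomes an orphaned copy of production data.
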

            Legacy approaches to security have no place in the cloud. It takes a new mindset that is free from the
            past to envision innovative solutions for complete cloud security.
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.