Page 67 - Cyber Defense eMagazine June 2020 Edition
a single opcode on the customer environment and without sending a single packet—all while
guaranteeing 100% coverage.
● Prioritize alerts based on all available data, while presenting a manageable number of alerts.
It makes no sense to 1) have a vulnerability management agent notify about 1,000 workloads at risk
due to vulnerabilities, then 2) have to go to a CSPM to assess whether there is a real attack vector
involved, followed by 3) having to install another distinct agent-based antivirus solution to detect
existing compromises. That approach doesn’t work. The ideal solution must deliver the functionality
of multiple tools out of the box and provide context-based actionable alerts—not “security concerns
by the kilo.”
A Breakthrough Technique for Deeper Cloud Inspection Across 100% of AWS, Azure, and GCP Assets
Any solution based on these characteristics must leverage the cloud computing paradigm and abandon
the biases of the physical computing world. This can be achieved by embracing virtualization, rather than
devices, as the premise of inspection.
Today’s cloud datacenter separates storage devices and compute devices, connecting them via
high-speed fiber optics. This enables a unique approach to deep cloud asset inspection. Through the proper
configuration of privileges and roles, it’s possible to take a “snapshot” of an organization’s bits and bytes
of block storage, rebuild a read-only image of the full environment on the side (i.e., out of band), then
scan through the resulting image to look for risks and vulnerabilities.
This approach can see everything without the hassle of installing agents. It can scan the cloud
configuration, network layout, and security configuration while reading into virtual machines’ disks,
databases, and datastores, as well as logs for all of the cloud assets. It can analyze the data, build a
full-stack inventory, and assess the security state of every discovered asset throughout the stack. All this,
without impacting performance or availability.
Here is the real value of this approach: All of this information can be combined with contextual information
from the cloud infrastructure to gain a context-aware view of the findings—the true level of risk. Context
is important because it helps alleviate alert fatigue on behalf of the security team. Actionable findings can
be immediately prioritized and assigned to security engineers or DevOps developers for mitigation or
follow-up.
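The two steps described above (reading the out-of-band snapshot image, then folding cloud context into the findings) as an added illustration; this is example code, not the article's or any vendor's implementation. It assumes the snapshot has already been rebuilt and mounted read-only at some path (the cloud API calls for that are not shown), and every package, finding id and score in it is a constructed placeholder:

```python
import os, tempfile

# Constructed vulnerability entries (placeholder ids, not real CVEs): (package, version) -> (finding id, base score)
VULN_DB = {
    ("openssl", "1.1.1d-0"): ("VULN-PLACEHOLDER-1", 7.5),
    ("bash", "4.4-5"): ("VULN-PLACEHOLDER-2", 5.0),
}

def parse_dpkg_status(text):
    """Return {package: version} from a Debian dpkg status file (stanzas separated by blank lines)."""
    packages, name, version = {}, None, None
    for line in text.splitlines():
        if line.startswith("Package: "):
            name = line[9:].strip()
        elif line.startswith("Version: "):
            version = line[9:].strip()
        elif not line.strip() and name:
            packages[name] = version
            name = version = None
    if name:  # file without a trailing blank line
        packages[name] = version
    return packages

def scan_mounted_image(mount_root):
    """Read the package manifest from the out-of-band mount, never from the live host."""
    status_path = os.path.join(mount_root, "var", "lib", "dpkg", "status")
    with open(status_path, encoding="utf-8") as fh:
        installed = parse_dpkg_status(fh.read())
    return [(pkg, ver, *VULN_DB[(pkg, ver)])
            for pkg, ver in installed.items() if (pkg, ver) in VULN_DB]

def prioritize(findings, context):
    """Fold cloud context into each finding so the list leads with real attack paths, not raw counts."""
    ranked = []
    for pkg, ver, vuln_id, base in findings:
        score = base
        if context.get("internet_exposed"):
            score += 2.0  # reachable from outside: an actual attack vector exists
        if context.get("privileged_role"):
            score += 1.0  # a compromise would also yield cloud credentials
        ranked.append((min(score, 10.0), vuln_id, f"{pkg} {ver}"))
    return sorted(ranked, reverse=True)

def build_sample_image():
    """Constructed stand-in for a mounted snapshot: a temp dir holding a dpkg status file."""
    root = tempfile.mkdtemp(prefix="snapshot-ro-")
    os.makedirs(os.path.join(root, "var", "lib", "dpkg"))
    with open(os.path.join(root, "var", "lib", "dpkg", "status"), "w", encoding="utf-8") as fh:
        fh.write("Package: openssl\nVersion: 1.1.1d-0\n\nPackage: bash\nVersion: 4.4-5\n\nPackage: curl\nVersion: 7.64.0-4\n")
    return root
```

Calling `prioritize(scan_mounted_image(build_sample_image()), {"internet_exposed": True})` ranks the exposed, higher-severity package first; the same finding on an isolated workload keeps only its base score.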
Upon completion of data analysis and reporting, the snapshot can simply be deleted without a trace.
There is nothing to maintain or deprovision.
Legacy approaches to security have no place in the cloud. It takes a new mindset that is free from the
past to envision innovative solutions for complete cloud security.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.