New data from Unit 42 uncovers a global, growth-driven security crisis. What can we do about it?
The unfortunate reality of cloud migration, containerization, and serverless adoption is the huge increase in attack surface. Companies work hard to secure and maintain these complex ecosystems, but as Unit 42 continues to show, things eventually slip through the cracks.
Implementing platform-agnostic application security measures such as Avocado Systems that are defaulted to high standards of security helps teams meet the hyper-growth demands of today and tomorrow. By detecting attacks that abuse cloud misconfigurations, delayed patches, and other zero-day exploits at the application layer, companies can take their security to the next level.
Bigger than you’d Think
Cybersecurity professionals agree: their job is tough and getting tougher. Expanding responsibilities and business growth initiatives are often not met with the required resources, be it cash, talent, or time. Pushing these initiatives without proper resources has led to an industry on the verge of a crisis.
Let’s say a company needs to scale their offerings, so they decide to move their applications to the cloud. Wisely, they choose a cloud service provider (CSP) that offers a variety of security features. First, the company manually sets security policies, establishes zero trust zones, and pushes their applications to the cloud. Down the line, this added complexity needs to be reassessed, reconfigured, tested, and deployed every time a change happens in their ecosystem, so the state of their security slowly deteriorates, servers don’t get patched, and things get overwhelmingly complicated.
That’s because out of all reported cyber breaches in the cloud, 65% were due to misconfigured setups, according to a recent study by Unit 42. Further, 56% of all organizations have at least one SSH service exposed to the global internet.
Containers like Docker, Kubernetes, and EC2 are no exception either, with 50% of all containers staying in default configurations, leaving critical assets exposed including jQuery components and parts of the LAMP stack (Linux/Apache/MySQL/PHP) that makes up so many applications.
In total, Unit 42 discovered a total of 32 million public cloud vulnerabilities and 40,000 default containers, representing a huge portion of the security landscape. Expanding responsibilities of CISOs and CIOs make it almost impossible to prevent this from slipping through the cracks over time.
The Challenging Future
As companies continue to grow their cloud footprint with multiple providers and container instances, the attack surface grows. Hybrid clouds, containers, and serverless functions are inherently tough to keep track of and even harder to secure.
Once an advanced threat gets access to some exposed piece of an ecosystem, it’s often game over. Data leakage is the #1 result of breaches, and bad actors can stay undetected for months or years before caught. Noticing this on a complex, multi-tenant system is even harder.
The biggest issue is that existing solutions simply don’t scale when companies need to. Enterprises have expensive east-west appliances, while SMB’s can have a whole host of various consoles for VM’s and specific cloud/container hosts. At scale, these can impart countless hidden costs in terms of staff hours, services, and overall performance.
The Current Landscape
Companies searching for scalable, secure solutions has driven a wave of security technology. Zero-trust architecture, micro-segmentation, and more that utilize cutting edge technology to power application security beyond the perimeter have all gained traction in the market, and for a good reason.
‘Zero-Trust’ solutions whitelist certain app communication based on manual policies. Some providers use ‘templates’ for popular configs for new deployments, but still require manual programming for robust security. Newer companies tend to use the power of machine learning and AI to generate behavioral baselines and signatures that automatically create policies alongside those that are manually configured.
One major downside is that these solutions often require a prolonged period of manual tweaking or behavioral baseline learning before deployed applications/workloads are actually secure. Most solutions use OS and Kernel-level hooks, which often causes new apps to immediately crash and need manual reconfiguration for every deployment.
These delays the benefits and afford hackers time to create a false trust through illegitimate application instances, forged credentials, IP spoofing, and more. Further, not all of these solutions provide the same level of in-depth app visibility, dependency mapping, compliance, or threat elimination.
By contrast, Avocado Systems provides an app-native platform that secures applications in runtime and at the process level, with no baselines or manual configuration necessary. By launching apps with unique ID’s and an extremely lightweight plugin, Avocado’s Application Security Platform (ASP) identifies legitimate communications at the web, app and DB tiers. This dynamic, robust micro-segmentation and application firewall security is so lightweight that it was recently recognized by Forrester as the industry leader in application performance.
65% of all cloud breaches occur because of misconfigurations. Ensure you don’t become a statistic and secure your applications so you’re not reliant on unscalable processes. The way you prevent it is up to you.