Cloud

2/28/2018
05:40 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Zero-Day Attacks Major Concern in Hybrid Cloud

Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.

Securing cloud-based and legacy systems is a balancing act, and businesses have a tough time staying upright. As the race to the cloud picks up speed, many are struggling to fully protect their hybrid environments from zero-day attacks.

Researchers at Enterprise Strategy Group (ESG) polled 450 IT and security pros in North America and Western Europe on hybrid cloud environments and containers. The results demonstrate concern around zero-day attacks and increased container adoption.

"The thesis for the study was the multidimensionality of hybrid clouds is shifting cybersecurity priorities," explains Doug Cahill, senior analyst covering cybersecurity for ESG and leader of this research, which was commissioned by Capsule8.

Hybrid infrastructures have become the major architecture in enterprise environments, a shift that has come with "major headaches and concerns," says Bogdan "Bob" Botezatu, senior e-threat analyst at Bitdefender.

"The move to hybrid happened because increasingly more organizations want to enjoy the benefit of public cloud - scalability, pay-as-you-go rates and flexibility - but also maintain control over the key infrastructure," he explains. The hybrid approach is a necessary step toward public cloud adoption, especially for companies hesitant about cloud security.

Complexity in the Cloud

"Hybrid clouds are comprised of disparate environments," Cahill says, adding that more than 80% of organizations using infrastructure-as-a-service (IaaS) consume services from multiple providers. "This tells us more workloads are moving to public cloud platforms," he adds.

More than half (56%) of respondents have already deployed containerized production applications; 80% report they will have containers in production within the next 12- to 24 months.

The adoption of new technology is a gradual, phased process and many companies are in the middle of migrating old applications to the cloud. Three-quarters (73%) or organizations use, or will use, containers for both new applications and preexisting legacy applications, Cahill says.

Despite their growing reliance on containers, many businesses will continue to at least partially rely on legacy systems for years to come, he continues. Security becomes a challenge when multiple users are accessing multiple environments from multiple different locations.

The biggest hybrid cloud security challenge is maintaining strong, consistent security across the enterprise data center and multiple cloud environments, says Cahill. Businesses want consistency; they want to be able to centralize policy and security controls across both.

Security teams also struggle to maintain the pace of cloud, an increasingly difficult challenge as cloud continues to accelerate. It used to be that cloud adoption was slowed by security, Cahill points out. Now, containers are driven by the app development team. Security has to keep up.

"One of the things we know about cloud computing in general, and about DevOps, is it's all about moving fast," he points out. "They need to keep pace with the rapid rate of change."

Compliance is a major concern for companies using hybrid cloud, adds Botezatu, who says Bitdefender polled CISOs about their biggest fears related to hybrid cloud in late 2016.

"Lack of visibility into what is happening in the big hybrid datacenter, the increased attack surface, security of backups and snapshots and security of data (either at rest or in transit) were the top five answers," he says.

More Complexity = Larger Attack Surface

The complexity of hybrid cloud environments puts organizations at risk for several types of attack. Forty-two percent of businesses reported an attack on their cloud environment in the past year; 28% said a zero-day exploit had been the attack origin.

"Part of [the reason] is the elastic nature of these environments," says Cahill of the critical zero-day threat. "Servers are so rapidly deployed and sometimes they're put into production without going through assessments and vulnerability scanning."

Common threats include taking advantage of known flaws in unpatched applications (27%), misuse of privileged accounts by inside employees (26%), exploits taking advantage of known flaws in unpatched operating systems (21%), misuse of privileged account via stolen credentials (19%), and misconfigured cloud services, workloads, or network security controls (20%).

"The security in many hybrid cloud environments is focused on the perimeter, while totally missing in-depth defenses," says Ofri Ziv, vice president of research and head of GuardiCore Labs. "This leads to environments with weak network segmentation, which is heaven for attackers and worms."

John Viega, cofounder and CEO of Capsule8, says zero-days will always be a real and unpredictable threat. "This is particularly true in production due to the impact of open source," he adds. A zero-day that appears in production from open-source software will affect a huge number of companies.

Move to Unify Security

Part of the reason security is difficult with hybrid cloud is because the majority (70%) of companies currently use separate controls for public cloud-based resources and on-premise virtual machines and servers. Only 30% use unified controls, Cahill explains.

"It's very siloed today," he says. "There are different tools for different environments managed by different people … but that's not sustainable over time. It doesn't afford the consistency of security policies across disparate environments."

This is poised to dramatically change within the next two years. By that time, 70% of respondents claim they will focus on unified controls for all server workload types across public cloud(s) and on-premise resources.

"One of the most important things a company can do is be disciplined about keeping applications on-premise or in a data center and not moving it until it is absolutely mature enough to be seamlessly be deployed in either environment," adds Viega. One way to control this is to focus on containerization in the software development process.

Related Content:

 

Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/28/2018 | 7:34:46 PM
Major Concern in Hybrid Cloud
This is an important topic, worthy of attention and consideration.  However, I think there are a number of false premises or assumptions, either in the report or in the minds of those that responded to the poll. 

There is always room for ambiguity to play, when we over-commit complicated ideas to simple expressions, such as "the cloud".  To begin with, cloud is style as well as place.  Many of the desirable attributes of public cloud derive from cloud as style - so are available when cloud style is applied to a private place.  Many of the less desirable features of public cloud can be avoided by not putting everything in the public place (or using "public transportation" of data). 

The article and the report seem to suggest hybrid cloud as a combination of public cloud (style, place and transport), and legacy style and infrastructure in a private place - a place soon to be abandoned as soon as the moving van is ready to roll on to "The Cloud".  However, hybrid cloud can also be a reimagining of information systems to utilize the best tools for the various tasks required to properly inform those you authorize - and not inform those you don't.  
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8360
PUBLISHED: 2019-02-16
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.
CVE-2019-8361
PUBLISHED: 2019-02-16
PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.
CVE-2019-8362
PUBLISHED: 2019-02-16
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, o...
CVE-2019-8363
PUBLISHED: 2019-02-16
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.
CVE-2019-8358
PUBLISHED: 2019-02-16
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.