Migrating Network Protection to the Cloud with Confidence
For modern organizations, speed and agility are the key to success – built on enhanced IT efficiency and performance driven by the cloud. Anything less could see your business outpaced by the competition. As always, security must be a priority when migrating to the cloud, but network teams are being let down by existing tools. Overwhelmed by this challenge, our TippingPoint customers came to us asking for an equivalent product for their AWS environments. So we went away and built one.
Cloud Network Protection is the first transparent, in-line network security offering for AWS customers: simple to deploy and manage, cloud-ready and leveraging our industry-leading expertise in network threat protection.
Let down by legacy
According to the cloud’s shared responsibility model, network security teams are increasingly being tasked with extending security into the cloud. But current offerings in the market simply aren’t capable of supporting their requirements. They’re complex, expensive and introduce extra friction.
Our TippingPoint customers came to us with a range of gripes. They felt existing network security solutions are simply not engineered with cloud environments in mind. In fact, some need to be rearchitected to function at all in the cloud. Often, these incompatibilities lead to business disruption, by causing app and network downtime while network security is deployed and/or by slowing down DevOps on an ongoing basis. In many cases, customers complained of having to use multiple tools to manage security for different networks in the hybrid cloud – adding extra cost and complexity and creating potential security gaps through misconfigured solutions.
These challenges impaired their ability to meet key compliance requirements like HIPAA and GDPR. Responding to internal and external audit requests also became more difficult. Alongside these strategic challenges, network security teams wanted to meet day-to-day requirements such as blocking requests to specific domains.
A new approach
Taking all this on board, we set about designing a network-based solution to handle the scale and performance demands of the cloud, without introducing extra friction to operations. We did this by tapping the power of the AWS Transit Gateway, a service that enables customers to connect all their Virtual Private Clouds (VPCs) and on-premises networks via a single, centralized gateway.
The resulting Cloud Network Protection solution is deployed transparently into the network fabric, providing visibility and control where network security teams need it most whilst avoiding application disruption and the need to rearchitect. By extending our TippingPoint capabilities into the cloud, we offer organizations multiple benefits including:
- Consistent network security: Allowing teams to use existing TippingPoint security profiles in the cloud and on-premises.
- Centralized SMS management: Complete visibility and control using the familiar Security Management System (SMS).
- Simplified deployment: Minimizes friction by sliding seamlessly into the cloud network fabric.
- Industry-leading security: Including network-based virtual patching, and zero-day protection backed by the Zero Day Initiative bug bounty program. All whilst avoiding business disruption.
Nearly three-quarters (73%) of organizations had at least one application in the cloud as of last year – with a further 17% planning to do so within the next 12 months, according to IDG. As they migrate these business-critical apps, network security teams are demanding effective, cloud-ready tools that offer maximum protection without impacting performance. Fortunately, now they have one.
How are businesses facing the cybersecurity challenges of increasing cloud adoption?
Cloud services serve core functions essential to all aspects of business operations, but getting cloud security right is still a challenge for many organizations, the 2019 Cloud Threat Report by Oracle and KPMG has shown.
The two companies asked 450 cyber security and IT professionals from private and public-sector organizations in the US, Canada, UK, Australia and Singapore about the problems surrounding cloud adoption and use in their environments.
While 73 percent of them feel the public cloud is more secure than what they can deliver in their own data center, there are still many sore points that negatively impact their organization’s security posture:
- The continuing confusion around the shared responsibility security model
- The visibility gap
- The risks that come with an increasingly mobile workforce using cloud-delivered applications
- The unabated threat of shadow IT.
Lack of visibility and clarity about the security responsibility
Cloud services are becoming the primary data store for many organizations, but when asked which percentage of the company’s data is currently stored in the public cloud, surveyed CISOs and CIOs offered divergent answers.
“This disparity (…) is troublesome as it indicates a lack of awareness and involvement in the use of cloud services by one of the organizational leaders responsible for securing that usage,” Oracle and KPMG point out.
CISOs are, unfortunately, too often on the cloud security sidelines. “The decentralized adoption of cloud services by line of business leaders who do not follow approval methodologies creates a visibility gap for the organization’s cybersecurity leaders,” the results indicate.
82 percent of cloud users have experienced security events due to confusion over the shared responsibility model. What’s more, only 10% of the polled CISOs fully understand the shared responsibility security model, compared with 25% of CIOs who report no confusion.
The lack of visibility is also a great problem:
- A third of the respondents say that they have difficulties when it comes to detecting and reacting to security incidents in the cloud
- 29% struggle with a lack of skills and qualified staff (especially when it comes to cybersecurity)
- 24% struggle with a lack of visibility across their data center and endpoint attack surface.
Shadow IT and insecure cloud access
The respondents have witnessed unsanctioned/shadow IT cloud applications resulting in unauthorized access to data (50%), introduction of malware (48%) and loss of data (47%), and are justifiably worried about it.
Improper use of sanctioned cloud applications is also a problem:
While 91 percent of the organizations have formal methodologies around cloud usage, 71 percent of the respondents are sure these policies are being violated by employees.
“When it comes to who has access to cloud-resident sensitive data, there are many users, including business partners, contractors, supply chain partners, auditors, part-time employees, customers, and others. These individuals will use different devices and operate under different policies and norms than an organization’s full-time employees, putting cloud-resident data at risk,” Oracle and KPMG also noted.
“At the center of how the use of cloud services has increased the risk associated with third-party access are enterprise file sync and share services (EFSS). EFSS services are often used by employees to share corporate data not only with each other but as a means to easily collaborate with external partners. Because EFSS tools are one of the most common types of shadow IT applications, their use, including with whom data is being shared, is often not governed, creating additional risk for the business.”
Fixing the problems
43% of the respondents say that they have implemented automated patch management and 46% expect to implement it in the next 12-24 months. They are primarily interested in gaining greater operational efficiencies (48%), but also in reducing the window in which vulnerabilities can be exploited (29%).
57% of businesses are actively evaluating replacing passwords or planning to in the next 12-24 months. 6% have already eliminated them in favor of other forms of authentication (SMS, YubiKey smart card, fingerprint, token, etc.).
28% of the organizations already use multi-factor authentication to authenticate access to a wide variety of systems and data assets, 46% use it for access to their most mission critical resources, sensitive data, and use of root/admin accounts, and 18% are in the process of implementing it in the next 18 months.
To protect the expanded perimeter of the enterprise, companies have taken a variety of actions, but those that had the most positive impact are those that reduce the attack surface: more regular penetration testing, more frequent patching and automated exploitation protection. When it comes to edge-based control, web application firewalls (WAF), cloud access security brokers (CASBs), and botnet/DDoS mitigation controls are deemed to be critical or very important.
Finally, the percentage of organizations that have deployed or plan to deploy machine learning technologies to meet security challenges has risen by 6%.
They hope it will help them investigate more security alerts (29%), reduce false positives (26%), eliminate other more compute-intensive detection techniques (25%), detect “zero-day” threats (25%), and handle more incidents with Tier 1 analysts.