Orchestrating Against Advanced Threats in the Cloud

A first step when deciding how to take control of cloud infrastructure security is to realize how the cloud — and all of the potential exploits associated with it — is a very different universe than that of your traditional data center. Already, damages organizations have incurred in cryptojacking incidents alone have totaled millions of dollars.
This episode of The New Stack Makers livestream podcast, hosted by Alex Williams, founder and publisher of The New Stack, focuses on the security challenges associated with moving to a public cloud. The live Q&A featured Ankur Shah, vice president of products, Prisma Cloud; Alok Tongaonkar, director, data science, Palo Alto Networks; and Gaspar Modelo-Howard, principal data scientist at Palo Alto Networks.
Advanced Threats in the Orchestrated Cloud
In this new cloud native world, “the attack surface has changed,” said Modelo-Howard. It is thus critical to take into account that the differences between on-premises and cloud protection are “substantial,” he said.
“If I’m the person trying to protect that cloud native environment, I’m going to say, ‘how can I get attacked,’ and you see that between the on-premises and on the cloud systems, there is going to be a substantial difference,” said Modelo-Howard. “So you have to take into account those things in order to be effective in order to prevent or to detect those attacks.”
IT organizations are typically not going to abandon their investments in legacy infrastructure by making their traditional data center networks and servers redundant. How to protect both legacy and cloud infrastructure environments concurrently thus remains a concern. However, despite the inherent differences between traditional data center and cloud infrastructures, many of the same principles of data and network security still apply.
Containers may represent “the new and the cool thing,” while “the bulk of the work today is still on traditional VMs,” said Shah. The same policies and governance are relevant for on-premises and cloud environments, or for VMs or containers. “The same principles and rules apply,” said Shah.
Cloud native and microservices environments pave the way for organizations to deploy and update applications at faster cadences. But while so much of cloud native infrastructure is programmable, the freedom and opportunities developers have come with an increased risk of exploits. “Since everything is programmable, that puts an undue burden on developers to worry about security — and not everyone is equipped to do that,” said Tongaonkar. “So, we need things that can protect the developers from making mistakes, and in cases where there are mistakes made, then [there needs to be] monitoring in place, so that anything that is exposed, which leads to attacks, can be detected and remediated.”
As in military service or business ventures, the analysis of failure can yield valuable results. Post-mortem analysis is thus critical if there is an attack on your cloud infrastructure. Tongaonkar recommends graphs and other diagrams, which he says are important to “detect each and every step of the attack.”
Ultimately, the goal is to “provide security holistically” across the entire range of attack vectors in cloud infrastructures, said Tongaonkar.