Orca Security this week added an ability to classify cloud security threats in a way that enables security operations teams to better prioritize their remediation efforts.
In addition to now providing security operations teams with a standard nomenclature for describing events that occur across multiple clouds, the updates to the company’s Cloud Detection and Response (CDR) platform provide access to a dashboard that allows cybersecurity teams to rank threats by risk level, assets with detected suspicious activity, events over time, events by geolocation, top event-driven security risks or most active threat actors.
Orca Security CEO Gil Geron said these additions to the CDR platform capabilities expedite threat investigations for cybersecurity teams that now routinely need to defend multiple cloud platforms.
In general, cyberattacks aimed at cloud computing platforms tend to be more programmatic. As a result, the amount of time a cybersecurity team has to detect and contain these often multistage attacks before a catastrophic event occurs is limited.
The Orca Security platform streamlines those efforts by collecting event-driven data streams in a way that aggregates log data across all cloud service providers (CSPs). Cybersecurity teams can search and filter the results by using parameters provided by Orca Security or SQL queries, eliminating the need to use a third-party database or export logs from each CSP.
In general, cybersecurity teams that work closely with DevOps teams to ensure cloud security are the most successful in terms of achieving and maintaining cloud security, said Geron. Given the programmatic nature of the attacks being launched against cloud computing platforms, defenders need to be able to invoke DevOps workflows to programmatically respond, he noted. In effect, cybercriminals are using DevOps techniques that require organizations to be able to respond in kind to thwart them, said Geron.
It’s not clear how many cloud computing platforms the average organization is now employing, but as workloads continue to become more distributed, the number and types of cloud platforms that need to be defended are only going to increase. The challenge is that it’s not likely the resources that cybersecurity teams have at their disposal to defend these platforms will expand. As such, there is a growing need to centralize the management of cloud platforms to both reduce the total cost of IT and improve security. Today many organizations are funding separate dedicated teams to manage cloud computing environments.
Regardless of the approach, the one certain thing is that the number of workloads being deployed on cloud computing platforms is only going to increase. While these platforms are usually more secure than on-premises IT environments, from a cybersecurity perspective the processes used to build and deploy applications are often flawed. As a result, cloud application environments have become favorite targets for cybercriminals looking to exploit, for example, misconfigurations.
While cybersecurity teams may not be responsible for making those mistakes, the one thing they can all count on is that whenever there is a breach, it will be the cybersecurity team that will be called to account for it.