Linux runs the large majority of cloud workloads (the figure commonly cited is 96%), so the threat landscape has moved well beyond endpoint detection built for Windows desktops. Intezer Protect is built for the cloud, with strong Linux threat detection and minimal impact on your resources.
“There is no cloud, it’s just someone else’s computer.” As popular as this joke has become, it understates the magnitude of what Joseph Carl Robnett Licklider set in motion. Licklider is often credited with the idea behind the cloud: his 1960s vision of an interconnected network of computers, and his work at ARPA that led to ARPANET at the end of that decade, aimed at letting people reach programs and data on distant machines from wherever they were.
Let’s break down the characteristics that define cloud computing and delve into those that bring security concerns into our cloud environments.
Broad Network Access
Companies do not often think about what vulnerabilities their cloud carriers could bring. Cloud carriers are the networks that connect cloud providers, such as AWS, Azure, and Google Cloud, to the outside world. While these connections are vital for companies to access resources from multiple locations and provide services to clients, they also offer attackers a way in.
As more employees work from home across the world, the number of paths into cloud resources has grown. Researchers found that cloud attacks increased by 630% in the first four months of 2020.
Network access is the entry point for almost all cyber attacks, including those that deploy RATs (Remote Access Trojans), which let an attacker monitor and control a compromised machine or network. BlackBerry’s report Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android describes APT groups working with the Chinese government using RATs to gain access to Linux servers and establish persistence on them. Like the recent move of the IPStorm botnet to Linux, these attacks are cross-platform: by porting tooling previously used against Windows devices, these groups compromised Linux servers and remained largely undetected for almost a decade.
Tip: When we consider cloud security we often picture criminals forcing their way into our assets from the outside. Once a RAT is running, however, the attacker’s activity originates from a host or account that our cloud environment already trusts. Attackers consistently bypass perimeter and identity-based controls, so it’s imperative we have visibility into what code actually runs in our clouds regardless of who or what executed it.
Intezer Protect monitors code at runtime regardless of who or what executed the new process. Clear visibility into what code is running on your systems lets you stop an attack before the attacker uses that foothold to reach other assets.
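To make the runtime-visibility point concrete, here is an added example (written for this page, not Intezer Protect’s code) of a Linux process inventory that judges each running process by the code behind it rather than by the user who launched it. The indicator rules it applies (an executable that was deleted after launch, a memfd-backed in-memory executable, a binary running from a world-writable scratch directory, and a binary whose hash is not on a known-good allowlist) are illustrative assumptions, not the product’s detection logic; the `SAMPLE_PROCESSES` snapshot and its hashes are constructed so the script runs offline, and `collect_live()` is the same logic pointed at the local `/proc`.

```python
"""Inventory of what code is running on a Linux host, judged without regard to
who launched it.

Added example for this page, not Intezer Protect's code. The indicator rules
below (deleted or memfd-backed executable, binary in a scratch directory,
binary hash not on a known-good allowlist) are illustrative assumptions.
"""
from __future__ import annotations

import hashlib
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# World-writable scratch locations that dropped payloads commonly run from (assumption).
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


@dataclass
class ProcessRecord:
    pid: int
    uid: int                    # who ran it; deliberately ignored by classify()
    exe: str                    # target of the /proc/<pid>/exe symlink
    cmdline: List[str]
    sha256: Optional[str]       # digest of the on-disk binary, None if unavailable


def classify(rec: ProcessRecord, allowlist: Set[str]) -> List[str]:
    """Return indicator names for one process; an empty list means no finding.

    The verdict depends only on the code that is executing (where the binary
    lives and what it hashes to), never on rec.uid: a RAT running under a
    trusted service account looks exactly like one running as an intruder.
    """
    findings: List[str] = []
    if rec.exe.endswith(" (deleted)"):
        findings.append("exe-deleted")        # binary unlinked after launch
    if rec.exe.startswith("/memfd:"):
        findings.append("exe-memfd")          # fileless execution via memfd_create
    if rec.exe.startswith(SCRATCH_DIRS):
        findings.append("exe-scratch-dir")
    if rec.sha256 is not None and rec.sha256 not in allowlist:
        findings.append("exe-unknown-hash")   # on disk, but not code we know
    return findings


def scan(records: List[ProcessRecord], allowlist: Set[str]) -> Dict[int, List[str]]:
    """Classify every record; the result maps pid -> list of indicators."""
    return {rec.pid: classify(rec, allowlist) for rec in records}


def sha256_of(path: str) -> Optional[str]:
    """Hash a regular file on disk; None for deleted, memfd-backed or unreadable targets."""
    if path.endswith(" (deleted)") or not os.path.isfile(path):
        return None
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()


def collect_live() -> List[ProcessRecord]:
    """Walk /proc on the local Linux host; processes we cannot read are skipped."""
    records: List[ProcessRecord] = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                cmdline = [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]
            uid = os.stat(f"/proc/{pid}").st_uid
        except OSError:
            continue
        records.append(ProcessRecord(pid, uid, exe, cmdline, sha256_of(exe)))
    return records


# Constructed sample snapshot (not captured from a real host) so the logic can be
# exercised offline; the hash strings are placeholders, not real binary digests.
SAMPLE_ALLOWLIST = {"sha256-of-known-good-sshd", "sha256-of-known-good-nginx"}
SAMPLE_PROCESSES = [
    ProcessRecord(412, 0, "/usr/sbin/sshd", ["sshd", "-D"], "sha256-of-known-good-sshd"),
    ProcessRecord(980, 33, "/usr/sbin/nginx", ["nginx: worker process"], "sha256-of-known-good-nginx"),
    # Dropped to /tmp by the web server's account, then unlinked to hide from file scanners.
    ProcessRecord(2210, 33, "/tmp/.cache/update (deleted)", ["update"], None),
    # Loaded straight into memory as root via memfd_create; nothing on disk at all.
    ProcessRecord(2305, 0, "/memfd: (deleted)", ["[kworker/0:1]"], None),
    # A legitimate interpreter this host has never seen before; worth a look, not a verdict.
    ProcessRecord(2400, 1000, "/usr/local/bin/python3", ["python3", "agent.py"], "sha256-unseen"),
]

if __name__ == "__main__":
    for pid, findings in scan(SAMPLE_PROCESSES, SAMPLE_ALLOWLIST).items():
        if findings:
            print(f"pid {pid}: {', '.join(findings)}")
```

Note that the root-owned memfd process and the www-data-owned deleted binary are flagged for the same reason, what is executing, while the root-owned sshd is not flagged at all; swapping the uid on any record changes nothing. On a real host, `scan(collect_live(), allowlist)` gives the same verdicts for the live process table, with the allowlist populated from package-manager hashes or a golden image.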
On-Demand Self-Service
On-demand self-service helps companies control their costs by paying only for what they use. Yet as development and deployment have moved to an agile style, developers have been given more power to create and change resources as needed for building and modifying applications.
Because the cloud is ephemeral, with companies creating new resources every few hours, minutes, or even seconds, it is nearly impossible for security teams to keep up with the hundreds if not thousands of containers, applications, and code deployments without the proper tools.
Many cloud providers offer functions as a service, also known as serverless computing, which lets customers run code on demand without provisioning or managing infrastructure. Because the provider manages everything except the code, this can create a false sense of security. Under the shared responsibility model the provider secures the platform, but the customer remains responsible for the function’s code and dependencies, and accountable to its own customers when a breach occurs. Recently, researchers at Intezer showed that functions are not as secure as believed by escaping the Docker environment in Azure Functions.
Tip: Despite our best security practices, some vulnerabilities are out of our control, for example in the platform beneath our code. Visibility into all code running in our environments is key to prompt and effective mitigation of attacks.
Intezer Protect scans for vulnerable packages and configuration issues, giving a robust view into your constantly changing cloud environments. If an attacker exploits a known vulnerability before it is patched, or an unknown one, Intezer Protect terminates the malicious process automatically or with a single click.