SlideShare a Scribd company logo

WP_ Five Reasons Why_Jan_2023.pdf

•
•
Christopher Doman
Christopher Doman

New whitepaper from Cado Security "Five Reasons Why You Need Cloud Investigation & Response Automation" Slides below or grab the PDF @ https://lnkd.in/eWKdMEu8 Hat tip to Jordan Bowen for writing most of this.

Technology
1 of 8
Download to read offline
White Paper Five Reasons Why You Need Cloud Investigation & Response Automation
www.cadosecurity.com 2 2 With more than 60% of corporate data currently stored in the cloud, cloud computing has influenced a true renaissance in how we manage and deliver applications and services. The appeal of migrating to the cloud is clear – greater speed, agility, flexibility, cost savings, and more. Digital transformation also poses new security challenges – especially when it comes to forensics and incident response. The cloud is complex. Cloud VMs, containers and functions can be extremely difficult to access, or worse, disappear in the blink of an eye. In this modern cyber world – where new blind spots provide attackers with a greater window of opportunity – it is essential that security teams have the proper visibility to investigate and respond to potential compromises. This white paper covers five reasons why you need Cloud Investigation and Response Automation to ensure your organization is equipped to efficiently understand and respond to cloud threats. 1. Developers and Attackers are There, You need to be There too! 2. Cloud Experts are Hard to Find 3. Risk Escalates at Cloud Speed 5. Ephemeral Means Data Disappears in the Blink of an Eye 4. Multi-Cloud is On the Rise
www.cadosecurity.com 3 Developers are There, Attackers are There, You Need to be There too! A match made in heaven, cloud computing and DevOps provide the scalability, accessibility, and automation required to implement new software at cloud-speed. Prototypes can be developed in just weeks, versus months or years. Sounds like a dream, right? It would be – if cyber security had kept pace with the speed of innovation. Much of the security team’s effort to date has been focused on securing feedback loops early in the DevOps and software development life cycle, meaning many organizations have adopted cloud protection and detection technology such as Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP). However, when it comes to investigation and response, there is a huge gap. Once something bad is identified, organizations often don’t have the ability to understand the true scope and root cause of the incident. Today, when a cyber incident occurs, security teams often have little choice but to resort to their existing detection platform for visibility. But, these tools weren’t designed for a dynamic cloud environment encompassing virtual machines, containers and serverless environments. This means security teams often respond to an incident without understanding its full scope and they leave elements behind that attackers can leverage. For example, recent research shows 80% of Ransomware victims that pay out are attacked again. This is happening because security teams aren’t conducting a proper and thorough investigation to completely remove an attacker's access. To adequately manage risk in today’s cloud-first world, security teams require deep visibility across the next generation of technology. This is where Cloud Investigation and Response Automation comes in. While getting forensic data in the cloud may seem like a daunting task, cloud providers now make a range of automation options available, and it is these automation techniques that make it possible for security teams to effortlessly dive deep. With visibility beyond what a detection platform can provide, security teams are able to make more informed response decisions – and therefore, better manage risk across modern environments. 3 REASON #1
www.cadosecurity.com 4 The cybersecurity skills gap is a well known problem. According to the 2022 (ISC)2 Cybersecurity Workforce Study, there is a global shortage of 3.4 million cybersecurity workers. And with the rapid transition to cloud, organizations are now tasked with hiring security talent with deep cloud knowledge, on top of everything else. It’s often just not possible for security teams to perform forensics and incident response in the cloud with the knowledge, tools and resources they have. For example, even before an analyst can start their investigation, they need to be able to determine the types of cloud data sources that will be of most value - and in today’s evolving cloud landscape, this is no easy task. For example, there are over 200 products and services in AWS, each with different security best practices and data sources. Once security teams have identified the types of data sources they wish to analyze, gaining access is another obstacle. The cloud APIs are much better than their on-premises equivalents, but leveraging them still requires an in-depth understanding of each cloud providers’ capabilities and the skillset to write the scripts to call the APIs. Done right, though, the advantages are innumerable - you can automate elements of the process from end to end - from acquisition, processing and analysis, to taking response actions. While it’s important to have a basic understanding of the different data sources available in the cloud (e.g. core logging platforms such as AWS CloudWatch, Azure Monitor Logs, GCP Logs, Kubernetes Logs, etc.), it’s unreasonable to expect any one individual to have all the cloud expertise to perform incident response investigations in the cloud. Using traditional incident response approaches, analyzing all of these different data sources can feel close to impossible, but with Cloud Investigation and Response Automation, analysts of all levels can perform forensics investigations in the cloud. Cloud Investigation and Response Automation solutions unify hundreds of data sources across cloud-provider logs, disk, memory and more in a single pane of glass. Further, this modern approach means security teams can leverage the cloud in a way that enables them to collect, process and store critical incident evidence in a secure, flexible and efficient way, while also allowing for easy collaboration. 4 Cloud Experts are Hard to Find REASON #2
www.cadosecurity.com 5 But while attackers are moving at cloud speed, organizations are struggling to keep pace. According to research released by ESG in November 2021, 89% of organizations have experienced a negative outcome in the time between detection and investigation of a cloud security incident. The primary reason, according to respondents, is that it takes too much time to collect and process the data required to perform forensics investigations (approximately 3.1 days on average). What’s worse, because of this, over one-third of cloud security alerts are never investigated, according to ESG. Cloud, containers and serverless architecture have completely changed the way we build business applications, and it has also fundamentally changed the way attacks and adversaries operate. Attackers are evolving quickly – consistently developing new tools, tactics and techniques to compromise the next generation of technology. Earlier this year, the first publicly-known case of malware specifically designed to execute in an AWS Lambda environment was discovered. Although the first sample discovered was fairly innocuous in that it only runs crypto-mining software, it demonstrates how attackers are using advanced cloud-specific knowledge to exploit complex cloud infrastructure, and is indicative of potential future, more nefarious attacks. 5 Risk Escalates at Cloud Speed Lambda-specific log statement from Denonia To keep pace with the adversary, security teams require the ability to perform incident investigations quickly and deeply. Thorough incident response requires security teams to retrace an attacker’s every move in order to close any existing gaps that could leave the organization vulnerable to future compromise. Moreover, they need to do this quickly, before ephemeral workloads get spun down, destroying clues attackers might leave behind. Cloud Investigation and Response Automation enables security teams to leverage cloud speed and automation to drastically reduce the window between detection and investigation and response. REASON #3
www.cadosecurity.com 6 While security teams already struggle to get the data they need to perform incident response in the cloud, the rise of multi-cloud makes this task even more challenging for a few major reasons: ➔ Data silos - Each cloud provider has their own terminology, security tools, monitoring logs, and APIs, making it difficult to know which data sources are most valuable to capture, how to capture them, and moreover, how to efficiently investigate all of these different sources from multiple cloud platforms and environments. ➔ Skill & knowledge gaps - As previously mentioned, it’s already painfully difficult to hire cyber security professionals with deep cloud knowledge, but finding security talent that has the skill set to work in multiple clouds can feel close to impossible. Today, most organizations leverage more than one cloud provider. According to Gartner’s 2020 Cloud End-User Buying Behavior Survey, 76% of respondents have adopted multi-cloud infrastructure – whether it be to maintain SLAs and protect against outage, capitalize on regional coverage, manage costs, or to simply maximize functionality. Even United States Financial Industry Regulatory (FINRA) has stated that broker-dealers should be able to switch cloud providers when needed and “consider the risks associated with vendor lock-in.”, including “an exit strategy to mitigate against an unfavorable lock-in scenario.” Similarly, the European Banking Authority warns against risk management associated with one provider, urging its members to take “concentration risk” into account by avoiding a “dominant service provider that is not easily substitutable.” 6 Multi-Cloud is On the Rise As a result, when an incident occurs in the cloud today, security and incident response professionals face a lose-lose decision – do they close an incident without understanding the full scope and impact or spend days to weeks stitching together an investigation which may not yield the desired results? With so many companies adopting a multi-cloud strategy, security teams need solutions that provide cross-cloud visibility to ensure full coverage and visibility. Cloud Investigation and Response Automation is key to removing the complexities associated with performing forensics and incident response across multi-cloud environments. By completely automating data capture and processing, Cloud Investigation and Response Automation solutions enable security teams to seamlessly dive into incident data — regardless of where it resides. REASON #4
www.cadosecurity.com 7 Cloud Investigation and Response Automation solutions make incident response in ephemeral environments possible by delivering the following capabilities: ➔ Automated Data Capture: Automation ensures critical evidence is captured and preserved for investigation immediately following incident detection. This means security teams preserve critical evidence and reduce time to incident containment and resolution. ➔ Container Asset Discovery: Since containers operate as virtualized environments within a shared host kernel OS, it’s often challenging to keep track of asset workloads running across all containerized machines in a scaled environment. An agentless discovery process that can efficiently discover and track container assets enforces appropriate security protocols across all container apps. ➔ Ability to Quickly Isolate: In the event a resource is compromised, it’s critical that security teams have the ability to quickly isolate it in order to stop the active attack and prevent further spread and damage. In some cases, isolation can be a good first step to take following initial detection. This allows security analysts to perform a more thorough investigation in the background and ensure proper remediation and containment steps are taken after you have a better understanding of the true scope and impact of the incident. Ephemeral Means Data Disappears in the Blink of an Eye One of the biggest challenges security teams face is securing ephemeral environments consisting of cloud, container-based and serverless resources. These resources spin up and down continuously making it almost impossible for security experts to investigate an incident and understand which assets and data have been compromised. If malicious activity occurs between the time one of these resources is spun up and down, that data is lost forever. Attackers are taking advantage of this because it helps them cover their tracks. When investigating an environment that utilizes containers or other ephemeral resources, data collection needs to happen immediately following detection so that valuable evidence isn’t destroyed. This can only be achieved through automation. Additionally, because many organizations have thousands of containers, it’s also critical that automation is applied to expedite data processing and enrichment as well. REASON #5
www.cadosecurity.com 8 Cado Security is the cloud investigation and response automation company. The Cado platform leverages the scale, speed and automation of the cloud to effortlessly deliver forensic-level detail into cloud, container and serverless environments. Only Cado empowers security teams to investigate and respond at cloud speed. Backed by Blossom Capital and Ten Eleven Ventures, Cado Security has offices in the United States and United Kingdom. For more information, please visit www.cadosecurity.com or follow us on Twitter @cadosecurity. Conclusion Security teams shouldn’t have to be cloud experts to secure their environment. Analysts shouldn’t have to work across multiple cloud teams, jump through hopes to gain access to a potentially compromised system, or require deep knowledge across all major cloud providers. Applying modern security techniques and technology empowers security teams to automate where possible and drastically reduce the complexity and time required to perform forensics and incident response in the cloud. For a cloud-specific cybersecurity strategy, security teams need solutions that are built for the cloud. Cloud Investigation and Response Automation enables security teams to streamline data capture, processing and analysis so they can easily understand risk across the most complex cloud environments. At Cado, we believe that the cloud makes security easier, not harder. Cloud Investigation and Response Automation allows security teams to augment the end-to-end incident response process by leveraging cloud speed and automation. By ruthlessly automating where we can, common investigative techniques can be replicated – from capturing the right data to identifying an incident’s root cause, scope and impact. This automation frees up valuable focus time so that security teams can prioritize the most important incidents and drastically reduce overall Mean Time To Respond (MTTR).

Recommended

Five Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response AutomationFive Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response AutomationChristopher Doman
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityArunvignesh Venkatesh
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
How Deep Observability Powers Strong Cybersecurity and Network Insights Acros...
How Deep Observability Powers Strong Cybersecurity and Network Insights Acros...How Deep Observability Powers Strong Cybersecurity and Network Insights Acros...
How Deep Observability Powers Strong Cybersecurity and Network Insights Acros...Dana Gardner
 
Cloud security
Cloud security Cloud security
Cloud security Mohamed Shalash
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
 

Recommended

Five Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response AutomationFive Reasons Why You Need Cloud Investigation & Response Automation
Five Reasons Why You Need Cloud Investigation & Response AutomationChristopher Doman
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityArunvignesh Venkatesh
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsDr. Sunil Kr. Pandey
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
How Deep Observability Powers Strong Cybersecurity and Network Insights Acros...
How Deep Observability Powers Strong Cybersecurity and Network Insights Acros...How Deep Observability Powers Strong Cybersecurity and Network Insights Acros...
How Deep Observability Powers Strong Cybersecurity and Network Insights Acros...Dana Gardner
 
Cloud security
Cloud security Cloud security
Cloud security Mohamed Shalash
 
Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...Design and implement a new cloud security method based on multi clouds on ope...
Design and implement a new cloud security method based on multi clouds on ope...csandit
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
 
Container Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxContainer Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxMandy Sidana
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar reportshafzonly
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Three Ways To Secure Cloud Migration.pdf
Three Ways To Secure Cloud Migration.pdfThree Ways To Secure Cloud Migration.pdf
Three Ways To Secure Cloud Migration.pdfEnterprise Insider
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloudkairostech
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfDataSpace Academy
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIaetsd Iaetsd
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceKeith Purves
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PiecePaul Richards
 
Get The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsGet The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsParaben Corporation
 
Cloud Application Security --Symantec
Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --SymantecAbhishek Sood
 
Cloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotCloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotTech Mahindra
 
Your clouds must be transparent - an intro to Cloud Security Alliance
Your clouds must be transparent - an intro to Cloud Security AllianceYour clouds must be transparent - an intro to Cloud Security Alliance
Your clouds must be transparent - an intro to Cloud Security AllianceDavid Jones
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingIRJET Journal
 
Security and the cloud
Security and the cloudSecurity and the cloud
Security and the cloudFREVVO
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachCloudLock
 
Risk Management in the Cloud
Risk Management in the CloudRisk Management in the Cloud
Risk Management in the CloudDavid X Martin
 
Azure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfAzure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfChristopher Doman
 
AWS Incident Response Cheat Sheet.pdf
AWS Incident Response Cheat Sheet.pdfAWS Incident Response Cheat Sheet.pdf
AWS Incident Response Cheat Sheet.pdfChristopher Doman
 

More Related Content

Similar to WP_ Five Reasons Why_Jan_2023.pdf

Container Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxContainer Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxMandy Sidana
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar reportshafzonly
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Three Ways To Secure Cloud Migration.pdf
Three Ways To Secure Cloud Migration.pdfThree Ways To Secure Cloud Migration.pdf
Three Ways To Secure Cloud Migration.pdfEnterprise Insider
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloudkairostech
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfDataSpace Academy
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIaetsd Iaetsd
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...IJERA Editor
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceKeith Purves
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PiecePaul Richards
 
Get The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsGet The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsParaben Corporation
 
Cloud Application Security --Symantec
Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --SymantecAbhishek Sood
 
Cloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotCloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotTech Mahindra
 
Your clouds must be transparent - an intro to Cloud Security Alliance
Your clouds must be transparent - an intro to Cloud Security AllianceYour clouds must be transparent - an intro to Cloud Security Alliance
Your clouds must be transparent - an intro to Cloud Security AllianceDavid Jones
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingIRJET Journal
 
Security and the cloud
Security and the cloudSecurity and the cloud
Security and the cloudFREVVO
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachCloudLock
 
Risk Management in the Cloud
Risk Management in the CloudRisk Management in the Cloud
Risk Management in the CloudDavid X Martin
 

Similar to WP_ Five Reasons Why_Jan_2023.pdf (20)

Container Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptxContainer Workload Security Solution Ideas by Mandy Sidana.pptx
Container Workload Security Solution Ideas by Mandy Sidana.pptx
 
Cloud computing seminar report
Cloud computing seminar reportCloud computing seminar report
Cloud computing seminar report
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Three Ways To Secure Cloud Migration.pdf
Three Ways To Secure Cloud Migration.pdfThree Ways To Secure Cloud Migration.pdf
Three Ways To Secure Cloud Migration.pdf
 
9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud9 Things You Need to Know Before Moving to the Cloud
9 Things You Need to Know Before Moving to the Cloud
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
Security in Cloud Computing For Service Delivery Models: Challenges and Solut...
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_Piece
 
EveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_PieceEveryCloud_Company_Intro_Piece
EveryCloud_Company_Intro_Piece
 
Get The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation ToolsGet The Information Here For Mobile Phone Investigation Tools
Get The Information Here For Mobile Phone Investigation Tools
 
Cloud Application Security --Symantec
Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --Symantec
 
Cloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot SpotCloud Computing IT Lexicon's Latest Hot Spot
Cloud Computing IT Lexicon's Latest Hot Spot
 
Your clouds must be transparent - an intro to Cloud Security Alliance
Your clouds must be transparent - an intro to Cloud Security AllianceYour clouds must be transparent - an intro to Cloud Security Alliance
Your clouds must be transparent - an intro to Cloud Security Alliance
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
A Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud ComputingA Comparative Review on Data Security Challenges in Cloud Computing
A Comparative Review on Data Security Challenges in Cloud Computing
 
Security and the cloud
Security and the cloudSecurity and the cloud
Security and the cloud
 
The Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security BreachThe Anatomy of a Cloud Security Breach
The Anatomy of a Cloud Security Breach
 
Risk Management in the Cloud
Risk Management in the CloudRisk Management in the Cloud
Risk Management in the Cloud
 

More from Christopher Doman

Azure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfAzure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfChristopher Doman
 
AWS Incident Response Cheat Sheet.pdf
AWS Incident Response Cheat Sheet.pdfAWS Incident Response Cheat Sheet.pdf
AWS Incident Response Cheat Sheet.pdfChristopher Doman
 
A New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud ForensicsA New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud ForensicsChristopher Doman
 
Cloud Forensics and Incident Response Training.pdf
Cloud Forensics and Incident Response Training.pdfCloud Forensics and Incident Response Training.pdf
Cloud Forensics and Incident Response Training.pdfChristopher Doman
 
AWS Guard Duty Forensics & Incident Response.pdf
AWS Guard Duty Forensics & Incident Response.pdfAWS Guard Duty Forensics & Incident Response.pdf
AWS Guard Duty Forensics & Incident Response.pdfChristopher Doman
 
EKS Forensics & Incident Response.pdf
EKS Forensics & Incident Response.pdfEKS Forensics & Incident Response.pdf
EKS Forensics & Incident Response.pdfChristopher Doman
 
AWS IAM Forensics & Incident Response
AWS IAM Forensics & Incident ResponseAWS IAM Forensics & Incident Response
AWS IAM Forensics & Incident ResponseChristopher Doman
 
AWS Forensics & Incident Response
AWS Forensics & Incident ResponseAWS Forensics & Incident Response
AWS Forensics & Incident ResponseChristopher Doman
 
Lambda Forensics & Incident Response.pdf
Lambda Forensics & Incident Response.pdfLambda Forensics & Incident Response.pdf
Lambda Forensics & Incident Response.pdfChristopher Doman
 
Case Studies Denonia - Lambda DFIR.pdf
Case Studies Denonia - Lambda DFIR.pdfCase Studies Denonia - Lambda DFIR.pdf
Case Studies Denonia - Lambda DFIR.pdfChristopher Doman
 
Cloud Security Fundamentals for Forensics and Incident Response.pdf
Cloud Security Fundamentals for Forensics and Incident Response.pdfCloud Security Fundamentals for Forensics and Incident Response.pdf
Cloud Security Fundamentals for Forensics and Incident Response.pdfChristopher Doman
 
AWS Detective Forensics & Incident Response.pdf
AWS Detective Forensics & Incident Response.pdfAWS Detective Forensics & Incident Response.pdf
AWS Detective Forensics & Incident Response.pdfChristopher Doman
 
Google Cloud Forensics & Incident Response
Google Cloud Forensics & Incident ResponseGoogle Cloud Forensics & Incident Response
Google Cloud Forensics & Incident ResponseChristopher Doman
 
GKE Forensics & Incident Response.pdf
GKE Forensics & Incident Response.pdfGKE Forensics & Incident Response.pdf
GKE Forensics & Incident Response.pdfChristopher Doman
 
AWS SSM Forensics and Incident Response
AWS SSM Forensics and Incident ResponseAWS SSM Forensics and Incident Response
AWS SSM Forensics and Incident ResponseChristopher Doman
 
Kubernetes Docker Forensics & Incident Response.pdf
Kubernetes Docker Forensics & Incident Response.pdfKubernetes Docker Forensics & Incident Response.pdf
Kubernetes Docker Forensics & Incident Response.pdfChristopher Doman
 
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdfCase Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdfChristopher Doman
 
EC2 Forensics & Incident Response.pdf
EC2 Forensics & Incident Response.pdfEC2 Forensics & Incident Response.pdf
EC2 Forensics & Incident Response.pdfChristopher Doman
 
ECS Forensics & Incident Response
ECS Forensics & Incident ResponseECS Forensics & Incident Response
ECS Forensics & Incident ResponseChristopher Doman
 

More from Christopher Doman (20)

Azure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfAzure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdf
 
AWS Incident Response Cheat Sheet.pdf
AWS Incident Response Cheat Sheet.pdfAWS Incident Response Cheat Sheet.pdf
AWS Incident Response Cheat Sheet.pdf
 
A New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud ForensicsA New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud Forensics
 
Cloud Forensics Tools
Cloud Forensics ToolsCloud Forensics Tools
Cloud Forensics Tools
 
Cloud Forensics and Incident Response Training.pdf
Cloud Forensics and Incident Response Training.pdfCloud Forensics and Incident Response Training.pdf
Cloud Forensics and Incident Response Training.pdf
 
AWS Guard Duty Forensics & Incident Response.pdf
AWS Guard Duty Forensics & Incident Response.pdfAWS Guard Duty Forensics & Incident Response.pdf
AWS Guard Duty Forensics & Incident Response.pdf
 
EKS Forensics & Incident Response.pdf
EKS Forensics & Incident Response.pdfEKS Forensics & Incident Response.pdf
EKS Forensics & Incident Response.pdf
 
AWS IAM Forensics & Incident Response
AWS IAM Forensics & Incident ResponseAWS IAM Forensics & Incident Response
AWS IAM Forensics & Incident Response
 
AWS Forensics & Incident Response
AWS Forensics & Incident ResponseAWS Forensics & Incident Response
AWS Forensics & Incident Response
 
Lambda Forensics & Incident Response.pdf
Lambda Forensics & Incident Response.pdfLambda Forensics & Incident Response.pdf
Lambda Forensics & Incident Response.pdf
 
Case Studies Denonia - Lambda DFIR.pdf
Case Studies Denonia - Lambda DFIR.pdfCase Studies Denonia - Lambda DFIR.pdf
Case Studies Denonia - Lambda DFIR.pdf
 
Cloud Security Fundamentals for Forensics and Incident Response.pdf
Cloud Security Fundamentals for Forensics and Incident Response.pdfCloud Security Fundamentals for Forensics and Incident Response.pdf
Cloud Security Fundamentals for Forensics and Incident Response.pdf
 
AWS Detective Forensics & Incident Response.pdf
AWS Detective Forensics & Incident Response.pdfAWS Detective Forensics & Incident Response.pdf
AWS Detective Forensics & Incident Response.pdf
 
Google Cloud Forensics & Incident Response
Google Cloud Forensics & Incident ResponseGoogle Cloud Forensics & Incident Response
Google Cloud Forensics & Incident Response
 
GKE Forensics & Incident Response.pdf
GKE Forensics & Incident Response.pdfGKE Forensics & Incident Response.pdf
GKE Forensics & Incident Response.pdf
 
AWS SSM Forensics and Incident Response
AWS SSM Forensics and Incident ResponseAWS SSM Forensics and Incident Response
AWS SSM Forensics and Incident Response
 
Kubernetes Docker Forensics & Incident Response.pdf
Kubernetes Docker Forensics & Incident Response.pdfKubernetes Docker Forensics & Incident Response.pdf
Kubernetes Docker Forensics & Incident Response.pdf
 
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdfCase Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
Case Studies TeamTNT - AWS & Container Cryptomining Worm DFIR.pdf
 
EC2 Forensics & Incident Response.pdf
EC2 Forensics & Incident Response.pdfEC2 Forensics & Incident Response.pdf
EC2 Forensics & Incident Response.pdf
 
ECS Forensics & Incident Response
ECS Forensics & Incident ResponseECS Forensics & Incident Response
ECS Forensics & Incident Response
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

WP_ Five Reasons Why_Jan_2023.pdf

  • 1. White Paper Five Reasons Why You Need Cloud Investigation & Response Automation
  • 2. www.cadosecurity.com 2 2 With more than 60% of corporate data currently stored in the cloud, cloud computing has influenced a true renaissance in how we manage and deliver applications and services. The appeal of migrating to the cloud is clear – greater speed, agility, flexibility, cost savings, and more. Digital transformation also poses new security challenges – especially when it comes to forensics and incident response. The cloud is complex. Cloud VMs, containers and functions can be extremely difficult to access, or worse, disappear in the blink of an eye. In this modern cyber world – where new blind spots provide attackers with a greater window of opportunity – it is essential that security teams have the proper visibility to investigate and respond to potential compromises. This white paper covers five reasons why you need Cloud Investigation and Response Automation to ensure your organization is equipped to efficiently understand and respond to cloud threats. 1. Developers and Attackers are There, You need to be There too! 2. Cloud Experts are Hard to Find 3. Risk Escalates at Cloud Speed 5. Ephemeral Means Data Disappears in the Blink of an Eye 4. Multi-Cloud is On the Rise
  • 3. www.cadosecurity.com 3 Developers are There, Attackers are There, You Need to be There too! A match made in heaven, cloud computing and DevOps provide the scalability, accessibility, and automation required to implement new software at cloud-speed. Prototypes can be developed in just weeks, versus months or years. Sounds like a dream, right? It would be – if cyber security had kept pace with the speed of innovation. Much of the security team’s effort to date has been focused on securing feedback loops early in the DevOps and software development life cycle, meaning many organizations have adopted cloud protection and detection technology such as Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP). However, when it comes to investigation and response, there is a huge gap. Once something bad is identified, organizations often don’t have the ability to understand the true scope and root cause of the incident. Today, when a cyber incident occurs, security teams often have little choice but to resort to their existing detection platform for visibility. But, these tools weren’t designed for a dynamic cloud environment encompassing virtual machines, containers and serverless environments. This means security teams often respond to an incident without understanding its full scope and they leave elements behind that attackers can leverage. For example, recent research shows 80% of Ransomware victims that pay out are attacked again. This is happening because security teams aren’t conducting a proper and thorough investigation to completely remove an attacker's access. To adequately manage risk in today’s cloud-first world, security teams require deep visibility across the next generation of technology. This is where Cloud Investigation and Response Automation comes in. While getting forensic data in the cloud may seem like a daunting task, cloud providers now make a range of automation options available, and it is these automation techniques that make it possible for security teams to effortlessly dive deep. With visibility beyond what a detection platform can provide, security teams are able to make more informed response decisions – and therefore, better manage risk across modern environments. 3 REASON #1
  • 4. www.cadosecurity.com 4 The cybersecurity skills gap is a well known problem. According to the 2022 (ISC)2 Cybersecurity Workforce Study, there is a global shortage of 3.4 million cybersecurity workers. And with the rapid transition to cloud, organizations are now tasked with hiring security talent with deep cloud knowledge, on top of everything else. It’s often just not possible for security teams to perform forensics and incident response in the cloud with the knowledge, tools and resources they have. For example, even before an analyst can start their investigation, they need to be able to determine the types of cloud data sources that will be of most value - and in today’s evolving cloud landscape, this is no easy task. For example, there are over 200 products and services in AWS, each with different security best practices and data sources. Once security teams have identified the types of data sources they wish to analyze, gaining access is another obstacle. The cloud APIs are much better than their on-premises equivalents, but leveraging them still requires an in-depth understanding of each cloud providers’ capabilities and the skillset to write the scripts to call the APIs. Done right, though, the advantages are innumerable - you can automate elements of the process from end to end - from acquisition, processing and analysis, to taking response actions. While it’s important to have a basic understanding of the different data sources available in the cloud (e.g. core logging platforms such as AWS CloudWatch, Azure Monitor Logs, GCP Logs, Kubernetes Logs, etc.), it’s unreasonable to expect any one individual to have all the cloud expertise to perform incident response investigations in the cloud. Using traditional incident response approaches, analyzing all of these different data sources can feel close to impossible, but with Cloud Investigation and Response Automation, analysts of all levels can perform forensics investigations in the cloud. Cloud Investigation and Response Automation solutions unify hundreds of data sources across cloud-provider logs, disk, memory and more in a single pane of glass. Further, this modern approach means security teams can leverage the cloud in a way that enables them to collect, process and store critical incident evidence in a secure, flexible and efficient way, while also allowing for easy collaboration. 4 Cloud Experts are Hard to Find REASON #2
  • 5. www.cadosecurity.com 5 But while attackers are moving at cloud speed, organizations are struggling to keep pace. According to research released by ESG in November 2021, 89% of organizations have experienced a negative outcome in the time between detection and investigation of a cloud security incident. The primary reason, according to respondents, is that it takes too much time to collect and process the data required to perform forensics investigations (approximately 3.1 days on average). What’s worse, because of this, over one-third of cloud security alerts are never investigated, according to ESG. Cloud, containers and serverless architecture have completely changed the way we build business applications, and it has also fundamentally changed the way attacks and adversaries operate. Attackers are evolving quickly – consistently developing new tools, tactics and techniques to compromise the next generation of technology. Earlier this year, the first publicly-known case of malware specifically designed to execute in an AWS Lambda environment was discovered. Although the first sample discovered was fairly innocuous in that it only runs crypto-mining software, it demonstrates how attackers are using advanced cloud-specific knowledge to exploit complex cloud infrastructure, and is indicative of potential future, more nefarious attacks. 5 Risk Escalates at Cloud Speed Lambda-specific log statement from Denonia To keep pace with the adversary, security teams require the ability to perform incident investigations quickly and deeply. Thorough incident response requires security teams to retrace an attacker’s every move in order to close any existing gaps that could leave the organization vulnerable to future compromise. Moreover, they need to do this quickly, before ephemeral workloads get spun down, destroying clues attackers might leave behind. Cloud Investigation and Response Automation enables security teams to leverage cloud speed and automation to drastically reduce the window between detection and investigation and response. REASON #3
  • 6. www.cadosecurity.com 6 While security teams already struggle to get the data they need to perform incident response in the cloud, the rise of multi-cloud makes this task even more challenging for a few major reasons: âž” Data silos - Each cloud provider has their own terminology, security tools, monitoring logs, and APIs, making it difficult to know which data sources are most valuable to capture, how to capture them, and moreover, how to efficiently investigate all of these different sources from multiple cloud platforms and environments. âž” Skill & knowledge gaps - As previously mentioned, it’s already painfully difficult to hire cyber security professionals with deep cloud knowledge, but finding security talent that has the skill set to work in multiple clouds can feel close to impossible. Today, most organizations leverage more than one cloud provider. According to Gartner’s 2020 Cloud End-User Buying Behavior Survey, 76% of respondents have adopted multi-cloud infrastructure – whether it be to maintain SLAs and protect against outage, capitalize on regional coverage, manage costs, or to simply maximize functionality. Even United States Financial Industry Regulatory (FINRA) has stated that broker-dealers should be able to switch cloud providers when needed and “consider the risks associated with vendor lock-in.”, including “an exit strategy to mitigate against an unfavorable lock-in scenario.” Similarly, the European Banking Authority warns against risk management associated with one provider, urging its members to take “concentration risk” into account by avoiding a “dominant service provider that is not easily substitutable.” 6 Multi-Cloud is On the Rise As a result, when an incident occurs in the cloud today, security and incident response professionals face a lose-lose decision – do they close an incident without understanding the full scope and impact or spend days to weeks stitching together an investigation which may not yield the desired results? With so many companies adopting a multi-cloud strategy, security teams need solutions that provide cross-cloud visibility to ensure full coverage and visibility. Cloud Investigation and Response Automation is key to removing the complexities associated with performing forensics and incident response across multi-cloud environments. By completely automating data capture and processing, Cloud Investigation and Response Automation solutions enable security teams to seamlessly dive into incident data — regardless of where it resides. REASON #4
  • 7. www.cadosecurity.com 7 Cloud Investigation and Response Automation solutions make incident response in ephemeral environments possible by delivering the following capabilities: âž” Automated Data Capture: Automation ensures critical evidence is captured and preserved for investigation immediately following incident detection. This means security teams preserve critical evidence and reduce time to incident containment and resolution. âž” Container Asset Discovery: Since containers operate as virtualized environments within a shared host kernel OS, it’s often challenging to keep track of asset workloads running across all containerized machines in a scaled environment. An agentless discovery process that can efficiently discover and track container assets enforces appropriate security protocols across all container apps. âž” Ability to Quickly Isolate: In the event a resource is compromised, it’s critical that security teams have the ability to quickly isolate it in order to stop the active attack and prevent further spread and damage. In some cases, isolation can be a good first step to take following initial detection. This allows security analysts to perform a more thorough investigation in the background and ensure proper remediation and containment steps are taken after you have a better understanding of the true scope and impact of the incident. Ephemeral Means Data Disappears in the Blink of an Eye One of the biggest challenges security teams face is securing ephemeral environments consisting of cloud, container-based and serverless resources. These resources spin up and down continuously making it almost impossible for security experts to investigate an incident and understand which assets and data have been compromised. If malicious activity occurs between the time one of these resources is spun up and down, that data is lost forever. Attackers are taking advantage of this because it helps them cover their tracks. When investigating an environment that utilizes containers or other ephemeral resources, data collection needs to happen immediately following detection so that valuable evidence isn’t destroyed. This can only be achieved through automation. Additionally, because many organizations have thousands of containers, it’s also critical that automation is applied to expedite data processing and enrichment as well. REASON #5
  • 8. www.cadosecurity.com 8 Cado Security is the cloud investigation and response automation company. The Cado platform leverages the scale, speed and automation of the cloud to effortlessly deliver forensic-level detail into cloud, container and serverless environments. Only Cado empowers security teams to investigate and respond at cloud speed. Backed by Blossom Capital and Ten Eleven Ventures, Cado Security has offices in the United States and United Kingdom. For more information, please visit www.cadosecurity.com or follow us on Twitter @cadosecurity. Conclusion Security teams shouldn’t have to be cloud experts to secure their environment. Analysts shouldn’t have to work across multiple cloud teams, jump through hopes to gain access to a potentially compromised system, or require deep knowledge across all major cloud providers. Applying modern security techniques and technology empowers security teams to automate where possible and drastically reduce the complexity and time required to perform forensics and incident response in the cloud. For a cloud-specific cybersecurity strategy, security teams need solutions that are built for the cloud. Cloud Investigation and Response Automation enables security teams to streamline data capture, processing and analysis so they can easily understand risk across the most complex cloud environments. At Cado, we believe that the cloud makes security easier, not harder. Cloud Investigation and Response Automation allows security teams to augment the end-to-end incident response process by leveraging cloud speed and automation. By ruthlessly automating where we can, common investigative techniques can be replicated – from capturing the right data to identifying an incident’s root cause, scope and impact. This automation frees up valuable focus time so that security teams can prioritize the most important incidents and drastically reduce overall Mean Time To Respond (MTTR).