
Cloud Detection and Response is essential, according to Vectra AI

by admin

Alessio Mercuri, Senior Security Engineer at Vectra AI, explains why a Cloud Detection and Response solution is indispensable today for stopping attacks.

More and more organizations have adopted the cloud, and cybercriminals are quickly following suit. IBM’s Cost of a Data Breach report found that 45% of all data breaches in 2022 were cloud-based, with an average cost of $5 million.

It is no longer a question of "if", but "when" your organization will face a cyber attacker. Because attacks are inevitable, choosing the right security tools is critical to optimizing key SecOps metrics such as time to detect, time to investigate and time to respond. An advanced Cloud Detection and Response (CDR) solution is the answer.

Sophisticated Cloud Compromises: The New Normal

Many cloud vulnerabilities and attacks made headlines last year, but none more so than the LastPass attack. The password management company suffered a series of attacks on its hybrid deployment, resulting in the theft of sensitive customer data from its cloud storage resources.

What was initially reported as partial access to a single developer account quickly turned out to be full-blown credential theft that led to the exfiltration of encrypted backups of customer vaults from LastPass' cloud storage resources. Because the attacker holds those encrypted copies, they can attempt to brute-force the master passwords offline, with no rate limiting or lockout to slow them down. When the breach was first reported, critical customer information, including passwords, vault data and personal information, was believed to be completely safe. Unfortunately, that communication turned out to be false.

In security, trust is everything. Compromises of this magnitude lead to negative press, judgment from the security community, and often irreparable reputational damage.


Stolen Credentials: The preferred threat vector for direct cloud attacks

When it comes to security, having the right people and processes in place is important, but the right technology can make the difference. In the LastPass attack, the cloud environment was accessed using valid, stolen credentials. That is no surprise. Today, most sophisticated cloud attacks come from attackers who use phishing campaigns to steal credentials and then masquerade as legitimate users. These vectors routinely bypass the most popular preventative security tools an organization may have, because to a prevention tool a valid credential looks like a valid user.

Remediating the sophisticated threats that arise from stolen credentials is challenging. The IBM Security report found that breaches originating from stolen or compromised credentials have the longest average time to identify (243 days) and the longest average time to contain (84 days) of any initial attack vector. Considering that kill chains in the cloud are shallow compared to on-premises networks, an experienced adversary with valid credentials does not need much time to create persistence channels and move from initial access to the impact phase.

To secure cloud environments, it is imperative that SOC teams focus on identifying security incidents involving these adversary tactics, which is exactly what a CDR tool is built to detect.

Vectra AI: the importance of choosing the right security tools

For businesses today, cloud adoption is not an option but a necessity. The benefits of the cloud are many, even though migration is complex and costly. This adoption is fueling meteoric growth in the capabilities offered by cloud providers.

This growth and adoption of cloud services has led to a larger and ever-evolving attack surface. Organizations navigating this dynamic landscape must protect themselves not only from new attacks, but also from already widespread threats such as data exposure.


To stay secure, SOC teams rely on a range of tools. However, there are now hundreds of vendors offering tooling options, which can overwhelm SOC teams and make it difficult to understand the capabilities the various cloud security systems actually provide. Moreover, deploying these tools often creates unwanted blind spots in the organization's security posture.

Why trust the Vectra CDR solution to block advanced cloud attacks

While prevention tools do a great job of providing visibility into cloud resources, misconfigurations and non-compliant settings, they fall short when it comes to detecting attacks that use new vectors. Those are precisely the threat vectors that should cause concern.

In 2022, phishing and stolen credentials together accounted for approximately 35% of all data breaches, significantly more than the share attributed to cloud misconfigurations (15%). Relying only on prevention tools therefore leaves your organization exposed to expert attackers.

Thanks to Attack Signal Intelligence, Vectra CDR monitors all actions in a cloud environment and detects suspicious behavior in real time. It uses AI to go beyond event-based anomalies or simple baselines, focusing instead on behaviors, the TTPs behind attacks. The resulting signal clarity lets Vectra quickly uncover sophisticated multi-stage attacks, so SecOps teams can prioritize, investigate and respond to the most urgent threats first. Attack Signal Intelligence is able to distinguish suspicious actions from legitimate activity.
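To make the behavior-versus-anomaly distinction concrete, and to show why the shallow cloud kill chain described earlier (valid credentials, then persistence, then impact) is what a detector should key on, here is an added example. It is not Vectra's code and is not from the article: the event names are real AWS CloudTrail eventName values, but the grouping into tactics, the two-hour chain window, the principals and the IP addresses are all assumptions constructed for illustration. A login from an unfamiliar address on its own is only an anomaly; the detector alerts only when that login is followed, from the same source, by a persistence action and then a collection action.

```python
"""Behavior-chain detection over cloud audit events.

Added example for this article; it is not Vectra's code and the events,
principals and addresses are constructed for illustration. It correlates three
adversary tactics that a stolen-credential cloud intrusion typically chains
within minutes: initial access with valid credentials from an unfamiliar source,
persistence (new credentials or policy), and collection/exfiltration. A login
from a new address on its own is only an anomaly; the chain is the signal.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# AWS CloudTrail eventName values grouped by tactic. The grouping is an assumption
# made for this example, not a vendor taxonomy.
INITIAL_ACCESS = {"ConsoleLogin", "AssumeRole", "GetSessionToken"}
PERSISTENCE = {"CreateAccessKey", "CreateUser", "CreateLoginProfile",
               "AttachUserPolicy", "PutUserPolicy"}
COLLECTION = {"ListBuckets", "GetObject", "GetSecretValue",
              "CopySnapshot", "ModifySnapshotAttribute"}

# Cloud kill chains are shallow, so the whole chain is expected inside a short window.
CHAIN_WINDOW = timedelta(hours=2)

# Constructed sample events (ISO-8601 timestamps, CloudTrail-like fields).
# Events before LEARN_UNTIL form the per-principal baseline of known source IPs.
LEARN_UNTIL = datetime(2023, 1, 10)
EVENTS = [
    {"time": "2023-01-09T09:00:00", "principal": "dev-alice", "source_ip": "10.0.1.5", "event": "ConsoleLogin"},
    {"time": "2023-01-09T09:05:00", "principal": "dev-alice", "source_ip": "10.0.1.5", "event": "GetObject"},
    {"time": "2023-01-09T10:00:00", "principal": "dev-bob", "source_ip": "10.0.2.9", "event": "ConsoleLogin"},
    # dev-alice: valid credentials used from an unfamiliar address, then a new
    # access key is minted and storage is enumerated: a complete attack chain.
    {"time": "2023-01-10T22:10:00", "principal": "dev-alice", "source_ip": "203.0.113.7", "event": "ConsoleLogin"},
    {"time": "2023-01-10T22:12:00", "principal": "dev-alice", "source_ip": "203.0.113.7", "event": "CreateAccessKey"},
    {"time": "2023-01-10T22:15:00", "principal": "dev-alice", "source_ip": "203.0.113.7", "event": "ListBuckets"},
    # dev-bob: new address (e.g. travelling) and normal reads only: an anomaly, not a chain.
    {"time": "2023-01-10T08:00:00", "principal": "dev-bob", "source_ip": "198.51.100.4", "event": "ConsoleLogin"},
    {"time": "2023-01-10T08:03:00", "principal": "dev-bob", "source_ip": "198.51.100.4", "event": "GetObject"},
]


def parse(ts):
    return datetime.fromisoformat(ts)


def known_sources(events, learn_until):
    """Source IPs each principal used before learn_until (the behavioral baseline)."""
    seen = defaultdict(set)
    for e in events:
        if parse(e["time"]) < learn_until:
            seen[e["principal"]].add(e["source_ip"])
    return seen


def detect_chains(events, learn_until):
    """Return one alert per principal whose activity from an unfamiliar source
    progresses initial access -> persistence -> collection inside CHAIN_WINDOW.
    Partial chains (a new address alone, or reads without persistence) are not alerted."""
    baseline = known_sources(events, learn_until)
    by_principal = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if parse(e["time"]) >= learn_until:
            by_principal[e["principal"]].append(e)

    alerts = []
    for principal, evs in by_principal.items():
        for i, first in enumerate(evs):
            if first["event"] not in INITIAL_ACCESS or first["source_ip"] in baseline[principal]:
                continue
            start = parse(first["time"])
            stages = {"initial_access": first["event"]}
            for later in evs[i + 1:]:
                if parse(later["time"]) - start > CHAIN_WINDOW:
                    break
                if later["source_ip"] != first["source_ip"]:
                    continue  # only chain actions coming from the same unfamiliar source
                if later["event"] in PERSISTENCE and "persistence" not in stages:
                    stages["persistence"] = later["event"]
                elif later["event"] in COLLECTION and "persistence" in stages:
                    stages["collection"] = later["event"]
                    break
            if "collection" in stages:
                alerts.append({"principal": principal, "source_ip": first["source_ip"],
                               "severity": "high", "stages": stages})
                break  # one alert per principal
    return alerts


def run():
    return detect_chains(EVENTS, LEARN_UNTIL)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Run as a script, the example reports a single high-severity alert for dev-alice with all three stages, and nothing for dev-bob, whose new-address login is an anomaly that a baseline-only detector would raise and an analyst would have to triage by hand. A production CDR covers far more tactics and scores partial chains as well; the point here is only that the ordered sequence of tactics from one source, not the volume of events or the novelty of an address, is what separates an attacker holding stolen credentials from a legitimate user on a new network.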
