Approaching Cloud Security From the Inside-Out

 
 
By Karen A. Frenkel  |  Posted 05-03-2016
 

    Approaching Cloud Security From the Inside-Out

    Security in the cloud requires an inversion of the traditional approach to security by assessing security from the inside-out rather than the outside-in.

    Reconnaissance

    During the reconnaissance step, an attacker looks for publicly available information on the Internet either to find a target that has vulnerabilities that can be compromised or to see what vulnerabilities exist within the cloud infrastructure of a specific organization.

    Catching Brute Force Attackers During Reconnaissance

    To catch potential hackers during reconnaissance, implement continuous security monitoring to alert you to any scanning activity and abnormal login attempts or failures.

    Weaponization

    After performing reconnaissance on your own network, consider the types of exploits and malicious payloads that could be used against it.

    Delivery

    An attacker can send an exploit or malicious payload in several ways. To detect an attack, implement continuous security monitoring. Knowing about a vulnerability before a signature is created is a huge advantage against attackers.

    Exploitation

    During the execution of an attack, the attacker establishes a foothold by finding a vulnerability in the server service, or through the use of compromised credentials. He or she can gain further access via a local privilege escalation exploit.

    Installation

    During installation, an attacker typically installs a program (a kernel module or rootkit, for example) or file to maintain the connection and control without detection. That lets him or her operate internal assets remotely.

    Command and Control

    A connection from a compromised server, or an outbound connection to an unusual IP address or host, can indicate that an attacker has gained a foothold and is using it to install a program to help maintain connection and control.

    Disabled Antivirus or Defensive Tools

    An attacker may leverage command and control to stop certain services or processes, like antivirus or defensive tools, to hide their activity. Such suspicious behavior indicates an attack underway.

    Action on Objectives

    During the final step of an attack, an attacker carries out his or her main objective, compromising the network or accessing valuable assets like customer data, intellectual property or health-care data. To protect data in this final step, implement File Integrity Monitoring (FIM) to watch who accesses certain files and when.
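
The monitoring recommended in the "Catching Brute Force Attackers During Reconnaissance" step can start as a sliding-window count of failed logins per source address, plus a check for a success that follows such a burst. This is an added example, not part of the original article or of any Threat Stack product; the log lines are constructed, and the function name `detect`, the threshold, the window and the assumed year are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format (documentation IPs, not real data).
SAMPLE_LOG = """\
May  3 10:00:01 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
May  3 10:00:04 web1 sshd[812]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
May  3 10:00:05 web1 sshd[813]: Failed password for alice from 198.51.100.20 port 51200 ssh2
May  3 10:00:08 web1 sshd[814]: Failed password for root from 203.0.113.7 port 40114 ssh2
May  3 10:00:11 web1 sshd[815]: Failed password for deploy from 203.0.113.7 port 40115 ssh2
May  3 10:00:15 web1 sshd[816]: Accepted password for alice from 198.51.100.20 port 51201 ssh2
May  3 10:00:17 web1 sshd[817]: Failed password for deploy from 203.0.113.7 port 40116 ssh2
May  3 10:00:21 web1 sshd[818]: Failed password for deploy from 203.0.113.7 port 40117 ssh2
May  3 10:00:30 web1 sshd[819]: Accepted password for deploy from 203.0.113.7 port 40118 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect(log_text, threshold=5, window_s=60, year=2016):
    """Return alerts as (kind, source_ip, user, timestamp) tuples, in log order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # source IP -> timestamps of failures inside the window
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed; collapse the padded day.
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        ip, failures = m["ip"], recent[m["ip"]]
        while failures and ts - failures[0] > window:
            failures.popleft()            # drop failures older than the window
        if m["result"] == "Failed":
            failures.append(ts)
            if len(failures) >= threshold and ip not in flagged:
                flagged.add(ip)           # alert once per source, not once per line
                alerts.append(("brute_force", ip, m["user"], ts))
        elif ip in flagged:
            # A success right after a burst of failures may mean a guessed password.
            alerts.append(("success_after_brute_force", ip, m["user"], ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from 198.51.100.20 followed by a successful login raises no alert, which is the distinction between an abnormal pattern and ordinary user error that the monitoring has to make.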
 

It's important to have a plan in place to protect against the most common threats to your cloud infrastructure. Understanding your vulnerabilities by thinking like an attacker and mapping your defenses to the cyber kill chain can go a long way in protecting your organization. Taking preventive actions will result in an early warning against the most common threats and help you identify a potential security event before it compromises your data, network or business. "Security in the cloud requires an inversion of the traditional approach to security, so it approaches security from the inside-out vs. the outside-in," explained Brian Ahern, CEO of cloud security company Threat Stack. "Perimeters and assets are dying off, and role-based architectures are being made super-trivial in this software-defined everything world." An organization can identify a compromise and eliminate threats before they result in a security breach and data loss that could potentially bring down the entire business, he said. Here, Ahern shows how to recognize steps of an attack and measures you can take to repel it.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.