Native Cloud Integration for ASM and Vulnerability Management. Keeping pace with the continuous flux of cloud deployments – “Edgescan Cloudhook”
IT environments are ever-changing and dynamic. New applications, infrastructure and data are often added without the security team’s knowledge, which in turn expands the attack surface. Security policies are typically ignored at scale, which makes understanding your digital footprint a near-impossible endeavour.
Massive multi-tenant and multi-user environments, dynamically allocated resources, or simply the sheer number of services to secure will ultimately lead to one or more of the following:
If your organization is using cloud services, particularly from one of the “big 3”, namely AWS, Azure and GCP, you first need to identify whether they form part of your main security strategy; if not, they should be front and centre. To mitigate cloud computing security risks, there are several best practices that all organizations should work towards, but it all starts with one word: “Visibility”. The first step should always be to understand what’s deployed on the public Internet, AKA Attack Surface Management (ASM). The second step is to take that inventory and ensure it is secure and free of vulnerabilities (VM).
This is where technology is required, particularly cloud integrations, which are vital in plugging the gaps that traditional inventory management tools can miss. Most modern cloud consoles will feature some sort of asset management tool, but typically what’s on offer is a basic visibility component. And yes, this is the first step, but why not solve multiple problems with one solution?
An organization needs to ask itself how its cloud inventory is being monitored by its security tools as it evolves. Can you trust that once a new service is spun up, or changes over time, it is automatically being scanned for vulnerabilities or exposures?
You will find the visibility components of modern cloud providers can be limited with regard to exposure. Knowing that a cloud endpoint exists is clearly not enough. An organization needs to understand what’s running on that device, whether services are up to date and, most importantly, what services are exposed to the wild.
Let’s take phishing, for example. In 2020 and 2022 it remains the most common security incident to affect cloud environments. According to statista.com, it accounts for 73% of overall attacks. The traditional approach to remediation is to invest heavily in email security and employee security awareness training. While this is important, it is clearly a mitigation as opposed to a comprehensive fix. The recommended approach should be to focus on closing the door as opposed to simply employing a doorman.
Most ransomware variants rely on a technical aspect and human error. The technical aspect will typically target exposed services such as RDP, SSH, SMB and FTP, misconfigured firewalls, etc. If an organization can understand where it has these types of dangerous services exposed, it can plug the leak “before the pipe bursts”.
Cloud integrations, or as we like to refer to them, “Cloudhook”, are connectors designed to accomplish this task. They provide an effective way to automate your cloud security program, particularly as it relates to Attack Surface Management (ASM) and Vulnerability Management (VM). Edgescan Cloudhook is designed to consolidate both ASM and VM into a unified solution: visibility and vulnerability detection, in real time, as the cloud deployment evolves.
As services are spun up and down, the Cloudhook should automatically enumerate and inventory an organization’s environment into its ASM and Vulnerability Management modules. Automatic security assessment, visibility and exposure detection.
Firstly, let’s look at the unique benefits that a feature-rich ASM solution can offer:
Again, to hammer it home – Complete Visibility is the cornerstone of a robust security posture. You can’t secure what you don’t know about. With today’s cloud-enabled and rapid development environment, technologies such as Cloudhook must be considered as vital in your security program as running vulnerability scans or penetration tests.
However, as an interesting side-step, one of the scenarios I’ve recently witnessed is that clients will use ASM and Visibility as a tool to focus on cost-saving or reaching carbon goals. The premise is quite similar. If a service should not be deployed, then take it down.
After exposure has been reviewed and mitigated, the next step is to ensure vulnerability scanning and security testing are taking place. With the Edgescan Cloudhook, this happens seamlessly in conjunction with ASM.
In conclusion, the takeaway here is that native cloud integrations (Cloudhook) are a vital component for any client that is mature in their cyber security posture, or for any client that is undergoing digital transformation to the cloud. Don’t be fooled by the suite of tools offered by your hosting provider. Yes, they provide ways to do basic inventory, but the bigger picture of the overall cloud environment security needs to be considered. A modern, competent security vendor will have the ability to fully automate the various aspects of your cloud security and take away the pain.
Sales Engineering Lead
Marketing Executive of Edgescan