In the first blog in this series, we talked about our high level vision and strategy around ThreatBlockr Everywhere. Simply put, it’s the ability to deploy threat intelligence at scale to protect data and users wherever they are – on prem, in the cloud, and remote and mobile environments. In this blog, we take a closer look at the shift of applications and data to cloud environments, the security risks and challenges this creates, and how the ThreatBlockr platform can be used to protect cloud environments.
The Shift to Cloud Continues To Accelerate…
The shift of applications and data from being hosted in traditional on-prem environments to the cloud is well established. This has been evidenced by the significant growth experienced by cloud providers including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. The impact of the pandemic has been an acceleration of this shift.
Cloud adoption has been significant for both large enterprises and small and mid-sized businesses (SMB). According to Flexera’s 2021 State of the Cloud Report, enterprises are running 44% of workloads and storing 44% of data in a public cloud. Within twelve months this is expected to increase to 55% and 52%, respectively. The report also indicates that SMBs are currently running 64% of workloads and storing 59% of data in public cloud environments. These figures are expected to grow by 5 and 8 percentage points within the next twelve months.
…Resulting in An Expanded Attack Surface & More Security Risk
The shift to cloud results in an expanded attack surface and greater risk. According to the Sophos State of Cloud Security 2020 Report, almost 75% of organizations hosting data or workloads in the public cloud experienced a security incident in the last year, and 70% of organizations indicated they were hit by malware, ransomware, data theft, account compromise attempts, or cryptojacking in the last year. According to the Flexera report, security was indicated to be the biggest challenge with the cloud.
Multi-cloud Multiplies Threats & Risks
While using one public cloud provider significantly expands your attack surface and cyber risks, this challenge becomes exponentially larger when using multiple public cloud providers. In fact, multi-cloud use is the norm, with the Flexera report indicating that 92% of enterprises have a multi-cloud strategy and 43% use multiple public and private clouds. The Sophos report further validates this, indicating that 73% of organizations are using two or more public cloud providers. Importantly, these organizations reported up to twice as many security incidents as those using one cloud platform.
Securing Cloud Environments
With a clear need to secure cloud environments, the next question comes down to how you go about doing it. It’s generally well understood that security in the cloud is a shared responsibility model with the cloud provider responsible for securing the cloud infrastructure they provide and the customer responsible for securing the applications and workloads that run in the cloud.
While the nature of public cloud means there are some nuances and unique factors when it comes to cyber security, at a high level many of the things that organizations do to secure on prem environments also need to be done in public cloud environments. This includes securing the virtual networks that provide access to applications and data in the cloud.
Cloud Native Controls Provide A Base Layer of Security
One of the unique aspects of public cloud environments is that all cloud providers offer their own native security controls for their respective environments. For example, AWS offers a Network Firewall (recently launched), a Web Application Firewall (WAF), and a threat detection service called GuardDuty, among other services. Cloud native security controls provide a base level of security capability that is sufficient for some customers but insufficient for others. Customers looking for more advanced security controls will deploy cloud security technologies from best-of-breed security providers. For example, if a customer wants more robust next generation firewall capabilities than what AWS, Azure, and Google Cloud provide, they will deploy a cloud-based next gen firewall from a provider like Palo Alto Networks, Fortinet, Barracuda, etc.
Best-of-Breed Controls Provide Consistency and Manageability Benefits
There are two other key reasons many organizations deploy best-of-breed security controls to secure cloud environments: consistency and manageability. The reality of today’s environments is that they are hybrid and multi-cloud. According to the Flexera report, 82% of organizations have a hybrid strategy, which means they are operating a mix of on-prem and cloud environments. As mentioned previously, when it comes to public cloud, multi-cloud is the norm.
This leads to a key challenge in using native cloud security controls, which is that they only work in a specific cloud provider’s environment. This means they can’t be used in on-prem environments or in other public cloud environments. A significant advantage of best-of-breed security controls is that they can be deployed across multiple environments, allowing organizations to apply consistent security controls and policies across on-prem and multi-cloud environments. While there are significant security benefits with this approach, there are also manageability benefits, as operating with a mix of on-prem controls and cloud native controls can result in significant complexity, management challenges, and higher costs (both direct and indirect, like time spent).
Securing Cloud Networks Requires A Layered Security Approach…
A key similarity between securing cloud environments and on-prem environments is the need for a layered security approach. For example, when it comes to securing cloud networks, a cloud firewall will provide a solid base level of security, but this alone is insufficient to protect your cloud networks. The challenge with cloud firewalls is consistent with on-prem firewalls: they detect and block threats using their own proprietary threat intelligence. While this threat intelligence has value, it alone is insufficient because it represents only a single vendor’s view of the threat landscape.
…And the Use of Multi-Source Threat Intelligence
With cloud environments representing a ripe target for attackers, the need for multi-source threat intelligence from a broad spectrum of sources is critical to protecting cloud networks. While firewalls lack this broad-based intelligence, they also have significant limits when it comes to integrating third-party threat intelligence data. This holds true for both cloud native and best-of-breed cloud firewalls.
How ThreatBlockr Helps Protect Cloud Networks
Well, it took a while to get here, but this is a perfect segue into how ThreatBlockr can help you secure your cloud environments. The ThreatBlockr platform protects cloud networks by blocking known bad traffic at scale without adding latency. We do this using massive volumes of third-party IP and domain threat intelligence data. Our cloud-based service aggregates threat intelligence from best-in-class threat intel data providers and integrates it in real time from systems that generate actionable threat intelligence, such as Threat Intelligence Platforms, SIEMs, SOARs, endpoints, network devices, etc. Our cloud-based service deploys dynamic threat intelligence and simple user-defined policies to our ThreatBlockr Cloud virtual appliances. ThreatBlockr Cloud virtual appliances are deployed inline between the Internet and your virtual private cloud networks (e.g., AWS Virtual Private Cloud, Azure Virtual Network, etc.).
ThreatBlockr Cloud provides a critical layer of cloud network protection improving your ability to detect and block threats targeting cloud networks. Specifically, with ThreatBlockr Cloud you can:
- Block up to 150 million malicious IP and domain indicators at line speed, far exceeding the capabilities of any cloud native or best-of-breed next gen firewall.
- Protect your cloud networks using tens of millions of “out-of-the-box” threat indicators from best-in-class threat intelligence providers, including commercial, open source, and government sources.
- Easily integrate IP and domain threat indicators from any source in real time using over 50 “out-of-the-box” connectors and integrations. This includes integrations with ISACs/ISAOs, Threat Intelligence Platforms, SIEMs, SOARs, and other systems.
- Improve your ability to detect, investigate, and respond to cloud threats by leveraging ThreatBlockr Cloud’s high value log data, which can also be easily exported to SIEM and log management solutions using our powerful syslog export capabilities.
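The two ideas above, that a single vendor’s feed covers only part of the threat landscape and that an inline control should merge IP and domain indicators from many sources, apply a user-defined allow policy, and emit logs a SIEM can ingest, are easy to see in a small working model. The following Python is an added example written for this post; it is not ThreatBlockr code and makes no claim about how the ThreatBlockr platform is implemented. All feed names, indicators (RFC 5737 documentation addresses and `.example` domains), flow records and the `tb-example` hostname are constructed, and the syslog line shape is an assumption modelled on RFC 5424.

```python
import ipaddress
import re

# Constructed sample feeds (not real indicators). Each key stands for one
# intelligence source: commercial, open source, government.
FEEDS = {
    "commercial-feed-a": ["203.0.113.7", "198.51.100.0/24", "bad.example"],
    "open-source-feed-b": ["203.0.113.7", "203.0.113.22", "malware.example"],
    "government-feed-c": ["192.0.2.99", "BAD.example", "not an indicator"],
}

# Constructed user-defined policy: addresses never blocked even if a feed
# lists them (e.g. a partner's monitoring host).
ALLOW_LIST = ["203.0.113.22"]

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def normalize(indicator):
    """Return ("ip", ip_network) or ("domain", str), or None if unparseable."""
    ind = indicator.strip().lower().rstrip(".")
    try:
        # Single addresses become /32 (or /128) so IPs and CIDRs share a table.
        return ("ip", ipaddress.ip_network(ind, strict=False))
    except ValueError:
        pass
    if DOMAIN_RE.match(ind):
        return ("domain", ind)
    return None


class Blocklist:
    """Union of several feeds, remembering which sources listed each indicator."""

    def __init__(self, feeds, allow_list=()):
        self.networks = {}   # ip_network -> set of source names
        self.domains = {}    # domain -> set of source names
        self.rejected = []   # (source, raw) pairs that failed normalization
        self.allow = [ipaddress.ip_network(a, strict=False) for a in allow_list]
        for source, items in feeds.items():
            for raw in items:
                parsed = normalize(raw)
                if parsed is None:
                    self.rejected.append((source, raw))
                    continue
                kind, value = parsed
                table = self.networks if kind == "ip" else self.domains
                table.setdefault(value, set()).add(source)

    def match_ip(self, ip):
        """Sources that list `ip`, or None. The allow policy always wins."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.allow):
            return None
        hits = set()
        for net, sources in self.networks.items():
            if addr in net:
                hits |= sources
        return hits or None

    def match_domain(self, name):
        """Sources listing `name` or any parent domain of it, or None."""
        labels = name.lower().rstrip(".").split(".")
        hits = set()
        for i in range(len(labels) - 1):
            hits |= self.domains.get(".".join(labels[i:]), set())
        return hits or None

    def source_coverage(self):
        """Fraction of the merged indicator set each single source contributes."""
        entries = list(self.networks.values()) + list(self.domains.values())
        if not entries:
            return {}
        sources = set().union(*entries)
        return {s: sum(1 for e in entries if s in e) / len(entries) for s in sources}


def evaluate_flows(blocklist, flows, hostname="tb-example"):
    """Decide BLOCK/ALLOW per flow and build an RFC 5424-style syslog line."""
    results = []
    for f in flows:
        reason, field = blocklist.match_ip(f["src"]), "src"
        if reason is None and f.get("sni"):
            reason, field = blocklist.match_domain(f["sni"]), "sni"
        action = "BLOCK" if reason else "ALLOW"
        detail = f" matched={field} sources={','.join(sorted(reason))}" if reason else ""
        # PRI 134 = facility local0 (16*8) + severity informational (6)
        line = (f"<134>1 {f['ts']} {hostname} threatblockr-example - - -"
                f" action={action} src={f['src']} dst={f['dst']} dport={f['dport']}{detail}")
        results.append((action, line))
    return results


# Constructed flow records as an inline appliance might observe them.
SAMPLE_FLOWS = [
    {"ts": "2021-06-01T12:00:00Z", "src": "198.51.100.42", "dst": "10.0.1.5", "dport": 443},
    {"ts": "2021-06-01T12:00:01Z", "src": "203.0.113.22", "dst": "10.0.1.5", "dport": 22},
    {"ts": "2021-06-01T12:00:02Z", "src": "192.0.2.10", "dst": "10.0.1.9", "dport": 443,
     "sni": "cdn.bad.example"},
    {"ts": "2021-06-01T12:00:03Z", "src": "192.0.2.10", "dst": "10.0.1.9", "dport": 443,
     "sni": "example.org"},
]

if __name__ == "__main__":
    bl = Blocklist(FEEDS, ALLOW_LIST)
    print("rejected:", bl.rejected)
    print("coverage:", bl.source_coverage())
    for _, line in evaluate_flows(bl, SAMPLE_FLOWS):
        print(line)
```

Two things are worth noticing when this runs. `source_coverage()` shows that no single feed holds more than half of the merged indicator set, which is the concrete form of the “single vendor’s view” problem. And the match path is policy before intelligence: an allow-listed address returns no hit even though a feed lists it, malformed feed entries are parked in `rejected` rather than silently dropped, and every decision is written as one structured syslog line so the block events can be exported to a SIEM.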
ThreatBlockr Cloud is currently available for AWS and in the near future will also be available for Azure. We also have future plans to support Google Cloud.
As you can see ThreatBlockr provides a powerful layer of network protection for cloud environments. However, what’s even more powerful is ThreatBlockr Everywhere – the ability to deploy our platform wherever applications, data, and users are – on-prem networks, cloud networks, and remote/mobile environments. With ThreatBlockr, organizations can easily deploy threat intelligence at scale across all of these environments providing consistent protection.
In our next blog, we will take a closer look at securing mobile and remote users and the trend towards consuming security as a cloud-based service.
Until then, click here to listen to our CTO discuss How to Protect Your Data and Users Wherever They Are with ThreatBlockr Everywhere.
For more information on how ThreatBlockr can help protect networks everywhere, visit our website.
For more information on ThreatBlockr Cloud for AWS check out our AWS Marketplace Listing.