We're only as strong as our weakest link, so in a time when our attack surfaces are growing beyond what traditional security measures can keep up with, we must work to understand unknown threats and improve attack signal clarity.
CISOs and their SOC teams are working with a frustrating lack of visibility. As more incidents occur in the cloud, a prevention-first mindset can quickly become a "blindness tolerated" mindset — one that ultimately enables attackers. Signal clarity must be the priority. We can enhance clarity through the implementation of three pillars designed to address three unknowns.
Cloud becomes the norm, and security suffers
Following a few years of rapid change, Gartner finds worldwide end-user spending on public cloud services is forecast to grow 20.7% to total $591.8 billion in 2023, up from $490.3 billion in 2022 and higher than the 18.8% growth forecast for 2022.
When it comes to Asia Pacific specifically, IDC finds cloud adoption is heavily impacting business growth and resilience. Companies throughout the region stated they plan to allocate around 34% of their overall budget to infrastructure-as-a-service platforms (IaaS) as they look to manage and control critical parts of their businesses without having to spend on data centres and physical servers.
When it comes to security, according to IBM Security researchers, 45% of breaches in 2021 happened in the cloud. Vectra has found that 72% of security leaders fear an attacker has already infiltrated their environment, yet they lack the means to verify whether or where this has happened.
What defines an unknown? Breaking down three blind spots
A top blind spot for organisations is unknown exposure. With a constantly expanding attack surface, security teams now have more surface on which unknowns can exist. Governance, risk, and compliance (GRC) leaders often collaborate with cloud security posture management (CSPM) teams on vulnerability detection (misconfigurations, neglected updates, etc.), but often this is not enough to prevent attackers from infiltrating the cloud. In fact, according to a 2021 survey by CheckPoint Software, 75% of successful cyber-attacks in the previous year exploited vulnerabilities that were more than two years old.
Next, unknown compromise. This is a worst-case scenario for CISOs, especially given the limitations of today's point solutions to cover networks, endpoints and everything in between. The likes of IaaS, PaaS and SaaS can make a hybrid cloud landscape complex and difficult to secure. Siloed tools sending a snowstorm of false positives to security teams enable attackers to slip by unseen, especially as their tactics continue to advance.
The white noise problem also feeds into our third unknown — unknown threats. Even when a vulnerability has been discovered, it can be a difficult task to discover the infiltrator and its payload. Defenders and incident response teams can be slowed by point solutions, dashing from pane to pane trying to piece it all together. This can lead to late discovery as security teams sift through mountains of false positives, by which time attackers have already done their damage.
Tackling three primary challenges and barriers to clarity
Once these top three blind spots have been addressed, we must move towards signal clarity. First, our people need our support. We know that in the Asia Pacific, security leaders are struggling to hire skilled people or to retrain existing staff as needed. This leaves gaps in our expertise and puts more pressure on the team members who remain. We need to support staff so they can tackle the escalating number and sophistication of intrusions and grasp the intricacies of cloud security.
The second challenge lies in our processes. When IBM Security tells us it takes organisations an average of 10 months to identify and contain a breach, we know we have to implement automation to effectively reduce manual tasks and improve workflow orchestration. And third, we must address our technology shortfalls, where blind SOCs scramble ineffectually to get a handle on their environments and the threats they face.
Three deliverables to improve attack signal clarity
To follow the theme of 'three', here are three deliverables that will ensure true Attack Signal Intelligence in a hybrid cloud.
The first is attack coverage. SOC teams must consolidate their threat visibility and detection capabilities across their entire hybrid and multi-cloud attack surfaces: IaaS, PaaS, SaaS, identity, and networks.
The second is signal clarity, which calls for SOC teams to know when an attack is taking place and the motions made by the attacker after they gain access — so teams can clearly prioritise it as a critical threat. This forms the heart of Attack Signal Intelligence and leverages some of the most advanced AI in the industry. It is this signal clarity that will allow investigators and hunters to get back to doing what they do best — investigating and hunting threats.
Finally, intelligent control means having the right context at your fingertips to speed up investigations, automate workflows, and target the response action to disrupt or contain an attack. Invest in the right tools, processes, and playbooks to boost SOC efficiency and effectiveness.
Protecting our systems and teams
If we can't improve clarity and visibility over our hybrid cloud environments, then what promises to be a huge benefit to our organisation could instead be our downfall. Thankfully, we can clean up our methods and give Attack Signal Intelligence its overdue turn at the wheel.