Tool proliferation and fragmentation is a real problem within the cloud security industry. Enterprises have up to 75 security tools in their stack. This creates operational, management, cost, and alert fatigue problems.
Today's 🧵 explores this topic. Let's dive in.
Tool Fragmentation Stats:
a. 78% of organizations use > 50 different cybersecurity tools, with 37% using > 100.
b. >500 public cloud sec alerts daily from tools.
c. Tool fragmentation requires ADDITIONAL tools to correlate alerts across systems, furthering the cycle of alert fatigue.
What has the industry response been?
The cloud security industry is now in a stage of consolidation - bundling rather than unbundling products & services. In the cloud, this consolidation has taken place in terms of CNAPP tooling.
Read more about the importance of #CNAPP in our previous 🧵!
twitter.com/deepfence/status/1607752300805894146?s=20&t=SUcGmAO7jHp3b0ZL42xNbA
However, as we've seen in previous 🧵s, not all CNAPPs are created equal in their approach. Depending on philosophies around agentless vs agent-based approaches to security, GTM strategies, and marketing positioning, certain CNAPPs will prioritize certain feature sets.
What is the right balance of tools & features, & where should companies start in securing the ☁️?
The rest of this post will explore the fundamental areas of securing the cloud that we think companies should have in order to level the playing field against threat actors w/i the ☁️!
Vulnerability Management:
Vulnerability scans give a snapshot of WHAT risk is present in the env that threat actors can exploit & help quantify the severity of that risk, as well as give quick paths to remediation.
These tools also help w/ an org's continuous compliance!
Vuln Mgmt (cont...)
This allows companies to take a holistic look at risk within their environment, and also to see the MOST EXPLOITABLE instances of risk based on the attack vectors, paths, & TTPs a threat actor would use to implement that exploit.
CSPM:
Benefits of implementing cloud security posture management as part of your cloud security program include:
a. Identify misconfigured security settings & other vulns, such as open ports, exposed credentials, and lack of encryption, that could be exploited by cyber criminals.
CSPM (cont...)
b. Continuous compliance - compliance reqs require certain "hardening" of systems and configurations to be present in order to protect sensitive data - CSPM helps align a company's posture to these regs.
c. Consistency of posture across multi-☁️ environments
Secret Scanning -
a. Secret scanning tools help companies identify & prevent the accidental exposure of sensitive data, such as credentials, private keys, and other secrets, in source code, configuration files, or other resources.
Secret Scanning (cont...)
b. Secret scanners give companies a complete picture of "accidental risk" within their environment. Devs inevitably will push code with config issues or exposed secrets. These prevent accidental exposure while maintaining regulatory compliance.
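A minimal sketch of the pattern-plus-entropy matching a secret scanner applies to config files, added here as an illustration; it is not Deepfence's code. The rule set, the 3.5-bit entropy cut-off, the `scan` helper and the sample config are assumptions constructed for this example.

```python
import math
import re

# Rule name -> pattern. The AWS access key ID prefix and PEM header are public formats.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Generic "name = value" assignments whose name suggests a credential.
ASSIGNMENT = re.compile(
    r"(?i)\b(\w*(?:password|passwd|secret|token|api_?key)\w*)\s*[:=]\s*['\"]?([^\s'\"]{8,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off, tune per code base


def shannon_entropy(value):
    """Bits per character; random tokens score higher than words or placeholders."""
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan(text, path="<memory>"):
    """Return (path, line_no, rule) for each suspected secret, never the value itself."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((path, line_no, rule))
        match = ASSIGNMENT.search(line)
        if match and shannon_entropy(match.group(2)) >= ENTROPY_THRESHOLD:
            findings.append((path, line_no, "high_entropy_assignment"))
    return findings


# Constructed sample config; the key ID is AWS's documentation example value.
SAMPLE = """\
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
db_password = changeme
api_token = "q9Zr4LxT2vBn8KdW5mPy7HsA"
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE, "app.conf"):
        print(finding)
```

The low-entropy `changeme` value is deliberately not flagged by the entropy rule, which shows the trade-off: a higher threshold cuts placeholder noise but misses weak, human-chosen passwords.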
Malware scanning -
a. Over 270,000 never-before-seen malware variants were observed in H1 2022. This explosion of new variants requires signature and fileless malware detection methods to prevent ransomware and destruction of critical systems and data!
Malware scanning (cont...)
b. Understanding the TTPs of how threat actors will move within the environment prior to dropping malware allows security teams to write detections based on attacker behavior rather than known threat intel, which is important in zero-day attacks.
If companies are able to effectively operationalize the four ☁️ security capabilities mentioned above, they'll have an equal starting point for addressing threats in the ☁️. @deepfence believes everyone should have access to these capabilities, so we open sourced them!
twitter.com/deepfence/status/1600513785793368066?s=20&t=55qAnqPxnpG2_kB5TzP9bQ
Want to learn more about how @deepfence consolidates key tools for cloud security & operationalizes them w/ a risk framework based on exploitability? Schedule a personal demo w/ @ryancsmith2222, Head of Product, to learn more: go.deepfence.io/15-minute-demo