The challenge of cloud acceleration

Issue 2 2022 Integrated Solutions

The move to cloud, otherwise referred to as the ‘cloud shift’, has triggered a change in the way organisations run and is accelerating across the business world.

As an MSSP (managed security services provider), SecurityHQ has experienced this shift across practically every sector and, in response, is highlighting the new threats that are emerging out of it.

The positives and negatives of cloud adoption

Positive: cost reduction. Now that this model of service has been tried and tested and is gaining confidence, even smaller companies are choosing to make the shift to cost-effective models of cloud operation.

Negative: greater threat surface. While costs may be reduced, a change in cloud configurations and administration means that there are many new opportunities for adversaries to detect vulnerabilities and to exploit misconfigurations in cloud environments.

Businesses must take the following key points into consideration to reduce their threat surface when making the shift to cloud.

• A shift to API monitoring. With many additional intercommunications between applications and automations, application programming interfaces (APIs) are more powerful than ever. Almost all admin activities and enumeration activities are possible via API calls.

• Federated accounts. With hybrid cloud models, often during transition phases, we may see attackers exploiting trust relationships where the cloud accounts are likely still integrated with traditional identity management systems, such as Windows Active Directory. It is important to monitor behavioural use cases, to watch for and catch adversaries moving laterally to cloud resources.

• Misconfigurations. The age-old technique of leveraging misconfigurations is still relevant. Although many cloud computing solutions today allow automatic fixing of overly permissive policies or configurations, business continuity and the pressure to get things working will always have a higher priority. Watch out for default security group configurations, which allow unrestricted outbound access. This is an easy channel for adversaries to conduct data exfiltration.

• Firewall controls. With cloud infrastructure, the pricing model greatly depends on the storage being used. In many cases, you may notice that logs are one of the biggest consumers of storage, more so than the applications. Traditionally, for on-premises models, the perimeter security firewalls were the crucial points to be monitored, and further internal activity monitoring revolved around application and access logs generated by the systems themselves. With cloud monitoring, virtual private cloud (VPC) traffic is an essential element to monitor, especially traffic between different security groups. Because these flow logs tend to be noisy, this can be optimised by logging your crown jewels. There are several use cases that can be built around the VPC logs to detect traditional access attempts and excessive failures, which may indicate a broken service or an attack.

• Correlation. Correlation is a key element when it comes to cloud-based models. We cannot just check one single data domain.

• An attacker's-eye view. An attacker will usually follow the sequence below.

1. Check for exposed services.

2. Exploit a vulnerable or misconfigured service.

3. Escalate privilege.

4. Move laterally.

5. Detonate - final objective.

The indicators or trails of attack that are left behind are different when it comes to cloud-based attacks, which means it becomes increasingly important to know how the client is set up on the cloud. This is crucial for investigation, especially with serverless computing.
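The misconfiguration, VPC flow log and correlation points above can be combined into one detection, shown here as an added example that is not part of the original article or SecurityHQ's tooling. It assumes the AWS default (version 2) flow log record layout; the rule dictionaries, group and interface IDs, addresses and thresholds are constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumed record layout: AWS default (version 2) VPC flow log fields, in order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def parse_flow(line):
    """Return one record as a dict, or None for malformed or NODATA/SKIPDATA lines."""
    parts = line.split()
    ok = len(parts) == len(FIELDS) and parts[-1] == "OK"
    return dict(zip(FIELDS, parts)) if ok else None

def open_egress_groups(groups):
    """IDs of security groups with a rule allowing any protocol to any address."""
    return {gid for gid, rules in groups.items()
            if any(r["protocol"] == "-1" and r["cidr"] in ("0.0.0.0/0", "::/0")
                   for r in rules)}

def correlate(groups, eni_to_sg, lines, reject_limit=3, byte_limit=1_000_000):
    """Join config and flow data: repeated REJECTs, and volume leaving open-egress groups."""
    open_sgs = open_egress_groups(groups)
    rejects, sent = Counter(), defaultdict(int)
    for rec in filter(None, map(parse_flow, lines)):
        if rec["action"] == "REJECT":          # failures per (source, destination)
            rejects[(rec["srcaddr"], rec["dstaddr"])] += 1
        elif (eni_to_sg.get(rec["interface_id"]) in open_sgs
              and internal(rec["srcaddr"]) and not internal(rec["dstaddr"])):
            sent[rec["interface_id"]] += int(rec["bytes"])  # accepted, leaving the VPC
    return ({k: n for k, n in rejects.items() if n >= reject_limit},
            {k: b for k, b in sent.items() if b >= byte_limit})

# Constructed sample data (hypothetical IDs and addresses, not from the article).
GROUPS = {"sg-default": [{"protocol": "-1", "cidr": "0.0.0.0/0"}],
          "sg-app": [{"protocol": "tcp", "cidr": "10.0.0.0/16"}]}
ENI_TO_SG = {"eni-0bbb": "sg-default", "eni-0ccc": "sg-app"}
P, T = "2 123456789012 ", " 1650000000 1650000060 "
FLOWS = [P + f"eni-0bbb 10.0.1.5 10.0.2.9 {p} 5432 6 1 60" + T + "REJECT OK"
         for p in (44321, 44322, 44323)] + [
    P + "eni-0bbb 10.0.1.7 10.0.2.9 50110 5432 6 1 60" + T + "REJECT OK",
    P + "eni-0bbb 10.0.2.9 203.0.113.10 40000 443 6 700 900000" + T + "ACCEPT OK",
    P + "eni-0bbb 10.0.2.9 203.0.113.10 40001 443 6 500 600000" + T + "ACCEPT OK",
    P + "eni-0ccc 10.0.3.4 10.0.2.9 41000 5432 6 900 5000000" + T + "ACCEPT OK",
    P + "eni-0ccc - - - - - - -" + T + "- NODATA"]
print(correlate(GROUPS, ENI_TO_SG, FLOWS))
```

The outbound test is a heuristic: default-format records carry no direction field, so replies to inbound clients are counted as well.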

Having conducted incident response investigations across a wide range of industries, SecurityHQ is best placed to work with businesses, large and small and across numerous technical environments to reduce the impact of a cybersecurity incident.
