by Anastasios Arampatzis
Visibility is the foundation and one of the greatest challenges of building an efficient cyber defense. In legacy organizations, all assets were confined within the four walls of the organization. But now, cloud-first organizations are entities with no boundaries. Assets – data, IoT devices, containers, APIs – can be located anywhere and can interact with each other from everywhere. Having visibility into these distributed assets is vital for their proper management. Their discovery within the complex environment they reside in becomes a headache for the security teams of any business. If you don’t know what assets you have and where they are, how can you develop, implement and maintain a cybersecurity defense strategy to protect them against potential cyber threats?
Identification is critical
The NIST Cybersecurity Framework, which aligns the policy, business, and technological approaches to manage and reduce cybersecurity risk, lists five core functions:
- Identify
- Protect
- Detect
- Respond
- Recover
These functions organize basic cybersecurity activities at their highest level in order to achieve specific outcomes, and they help businesses express how they manage cybersecurity risk. Although these functions should be performed concurrently to address dynamic cybersecurity risk, the Identify function is considered to be the most foundational one.
The Identify function provides asset visibility
The Identify function provides the structure for the rest of the functions to be built upon. The NIST framework defines Identify as a function to “develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities”. From that perspective, the function is responsible for providing clear visibility into all systems and platforms in an organization’s infrastructure, including the cloud-native ones, and for ensuring that no vital IT asset is left “in the dark”.
Furthermore, the function identifies risks that can impact systems critical to the operation of a business, like production servers. If the risks and the resources that support critical operations can be identified, the organization’s cybersecurity efforts can be better prioritized. Outcome operations that fall under the Identify function are Asset Management, Governance, Risk Assessment, and Management Strategy.
Being able to identify means having all your assets visible, knowing where they are, and implementing best security practices to protect them from cybercriminals and cyberattacks.
Asset discovery is important
What happened that businesses have increased their exposure to cybercriminals, even though they are more aware of these risks? Why did they become more vulnerable to cyber-attacks? There is not one reason but a combination of things that changed our lives and habits during the last years. First is the rapid evolution of cloud technology and the objective difficulty of keeping up with it. Second, the pandemic changed the way we work; it is now not unusual for people to work from home instead of going to the office, or to bring their own personal computers to work and connect their devices to the organization’s secure networks. These working habits increase the attack surface and the security gaps.
As cloud technology advances “at the speed of light”, asset visibility becomes one of the most important factors to consider when a business organizes its cybersecurity defense. The dynamic nature of the cloud is what makes it powerful but at the same time vulnerable. The number of new cloud-based technologies and the speed with which they emerge can easily leave cloud-native assets undiscovered: invisible, unattended, and thus unprotected.
As the cloud becomes a dominant environment, its security must be taken seriously. Security needs to evolve with technology. Traditional security is not going to work, as the cloud is boundaryless, decentralized, and changing too fast for manual security processes. Infrastructure as Code (IaC), an approach that manages cloud infrastructure through machine-readable definition files, increases misconfigurations that eventually lead to cloud breaches. Add to these challenges the pace of new cloud-native technologies popping up every day and the shortage of experienced security professionals, and you end up with a mixture of hard-to-secure cloud structure and cloud-native entities that are difficult to discover and protect, such as APIs, Kubernetes, microservices, and containers.
The Axonius 2021 report highlights asset visibility as one of the most critical security challenges, as the pandemic accelerated massive cloud technology adoption. Changes in the BYOD approach and the hybrid workforce have remained in the post-pandemic era as residual habits. The report revealed a widening of asset visibility gaps in cloud infrastructure, end-user devices, and IoT device initiatives, resulting in an increased attack surface and more security incidents.
Dave Gruber, an ESG analyst, stated that «when IT and security teams lack visibility into any part of their attack surface, they lose the ability to meet security and operational objectives, putting the business at risk. In some cases, organizations were reporting 3.3 times more incidents caused by lack of visibility into IT assets.»
The common denominator of all these vulnerabilities is the lack of visibility; in complex cloud environments, asset discovery and management become a tough exercise for security teams. Sophisticated automated security procedures can help with cloud security posture by providing a complete picture of the IT asset inventory and the attack surface. This can help identify vulnerabilities caused by misconfigurations that can jeopardize the cybersecurity of the entire cloud infrastructure ecosystem.
Gain asset visibility and manage your cloud security posture
ADACOM can provide consultation and solutions to manage your cloud properly, maintain clear visibility into your inventories, and strengthen your cloud security posture. It can help you get visibility across multi-cloud environments, spot changes and anomalies over time, monitor and assess the environment for adherence to compliance policies, uncover hidden threats, and monitor intentional and unintentional risks through the cybersecurity loop of prevention, detection, response, and prediction. Contact ADACOM for any questions you may have.