Security News
Findings in network intelligence firm Gigamon's Hybrid Cloud Security Survey report suggest there's a disconnect between perception and reality when it comes to vulnerabilities in the hybrid cloud: 94% of CISOs and other cybersecurity leaders said their tools give them total visibility of their assets and hybrid cloud infrastructure, yet 90% admitted to having been breached in the past 18 months, and over half fear attacks coming from dark corners of their web enterprises. Key to understanding hybrid cloud security Must-read security coverage Google offers certificate in cybersecurity, no dorm room required The top 6 enterprise VPN solutions to use in 2023 EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse Electronic data retention policy.
Although numerous respondents acknowledged employing risky practices and behaviors within their cloud environments, they strongly believe in the effectiveness of their security tools and processes to safeguard their organizations against meticulously planned attacks, according to Permiso. The survey assessed both the respondents cloud security practices and the scale of their environment, including the number of identities and secrets they manage, response time to an attack, the different methods of access into their environment, and the types of solutions they utilize to help secure their environments.
Sponsored Post Imagine if you could get instant advice on how to protect your cloud infrastructure against cyber threats from some of the world's best cloud security experts without leaving the comfort of your chair. Starting at 11 am UTC on Friday 18th August, the SANS Cloud Security Exchange 2023 is a free and virtual event that brings together cloud security experts from AWS, Google Cloud, Microsoft Azure and the SANS Institute onto one digital stage.
Moving critical data and workloads to the cloud has significantly changed information security teams. Most don't have the resources to be successful in their cloud attack modeling-not to mention the deployment of measurable controls to defend against these evolving attacks.
Attackers typically find exposed "Secrets" - pieces of sensitive information that allow access to an enterprise cloud environment - in as little as two minutes and, in many cases, begin exploiting them almost instantly, highlighting the urgent need for comprehensive cloud security, according to Orca Security. Orca's research was conducted between January and May 2023, beginning with the creation of "Honeypots" on nine different cloud environments that simulated misconfigured resources in the cloud to entice attackers.
Palo Alto Networks held its annual Code to Cloud Cybersecurity Summit Thursday, focusing on cloud, DevOps and security. Recently, Palo Alto Networks' Unit 42 issued a cloud threat report finding that the average security team takes six days to resolve a security alert.
Migrating to the cloud does not alleviate an organization's cyber risk, nor does it transfer the risk to the CSP. Instead, it requires a shared security model where roles and responsibilities are clearly defined. While the shared security model does make some aspects of cloud security easier, managing the risk of exploitation by sophisticated cyber threat actors is not one of them.
China has a playbook to use IP theft to seize leadership in cloud computing, and other nations should band together to stop that happening, according to Nathaniel C. Fick, the US ambassador-at-large for cyberspace and digital policy. The ambassador described China's actions in the telecoms industry as "a playbook" and warned the nation will "Run it in cloud computing they will run it in AI, they will run it in every core strategic technology area that matters."
What's more, orchestration platforms like Kubernetes carry additional security considerations, such as securing a cluster's network and API endpoints, which aren't as visible to traditional security tools. Lastly, with deployments growing in scale and complexity, manual security management becomes impractical and security automation - from threat detection to compliance management - is essential.
The Syxsense Synergy event last week featured a range of analysts, end users and company spokespeople with a central theme of the convergence of endpoint management and security - two areas that have traditionally remained apart. "That's why there is a growing need for the convergence of the security and endpoint management groups within organizations to address attack surface management, vulnerability protection and automated remediation."