Global Cloud Migration: Security Lessons Not Being Learned

Attackers have, on average, slightly more than six days to exploit an unmitigated vulnerability before security teams resolve it, even though research continues to show that hackers begin exploiting flaws within hours, or even minutes, of a new security advisory being disclosed, researchers warn.


That time lag between a new vulnerability coming to light and when defenders lock it down is particularly problematic in the cloud, says Palo Alto’s Unit 42 threat intelligence group. In particular, Unit 42 researchers have found threat actors becoming more adept at exploiting not just unpatched vulnerabilities, but also more common, everyday issues such as weak credentials and lack of authentication.

Projections from Gartner estimate worldwide end-user spending on cloud computing will grow to $592 billion this year.

Even so, analysis from Unit 42 suggests important lessons about security aren’t being learned and applied. According to its analysis of workloads in 210,000 cloud accounts across 1,300 organizations, three-quarters of organizations don’t enforce multi-factor authentication for console users. Researchers found sensitive data in 63% of publicly exposed buckets.

Another datum from the report: Just 5% of security rules trigger 80% of the alerts. “In other words, every organization has a small set of risky behaviors that are repeatedly observed in their cloud workloads,” Palo Alto writes.
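The "small set of risky behaviors" is something a detection team can measure for itself by ranking alert volume per rule. The following Python is an added example, not code from Unit 42 or the report; it runs over a constructed alert export (rule names and counts are invented to illustrate the skew) and returns the smallest set of top-ranked rules that account for a chosen share of all alerts.

```python
from collections import Counter

# Constructed sample of alert records, one rule id per alert, standing in for
# an alert export from a cloud security platform. Rule names and volumes are
# invented for this example and are not figures from the report.
SAMPLE_ALERTS = (
    ["public-storage-bucket"] * 40
    + ["security-group-open-to-world"] * 30
    + ["console-mfa-not-enforced"] * 12
    + ["database-publicly-accessible"] * 8
    + ["iam-wildcard-policy"] * 4
    + ["kms-key-rotation-disabled"] * 3
    + ["audit-logging-disabled"] * 2
    + ["volume-unencrypted"] * 1
)


def alert_concentration(alerts, share=0.80):
    """Rank rules by alert count and add them until the cumulative count
    reaches `share` of all alerts.

    Returns (rules_covering_share, fraction_of_all_rules_they_represent)."""
    counts = Counter(alerts)
    total = sum(counts.values())
    covering = []
    running = 0
    for rule, n in counts.most_common():
        covering.append(rule)
        running += n
        if running / total >= share:
            break
    return covering, len(covering) / len(counts)


if __name__ == "__main__":
    rules, fraction = alert_concentration(SAMPLE_ALERTS)
    print(f"{len(rules)} rules ({fraction:.0%} of all rules) produce 80% of alerts:")
    for r in rules:
        print("  -", r)
```

The rules returned are the candidates for a root-cause fix (a template change or a guardrail) rather than for alert tuning alone, since suppressing them would hide the behaviors the report describes rather than remove them.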

Researchers attribute some of that recurrence to IT and security teams’ repeat reliance on ready-to-use templates and default configurations, via which basic errors or problems can be compounded. “Most organizations repeatedly make the same mistakes, such as unrestricted firewall policies, exposed databases and unenforced MFA, all of which likely originate from an isolated number of engineers and IaC templates,” the report says, referring to infrastructure-as-code.
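Because the same mistakes are traced back to a handful of templates, checking templates before they are deployed is where the leverage is. The Python below is an added example and not code from Unit 42 or any IaC tool; it works over a constructed, simplified template model (a list of resource dicts, not real Terraform or CloudFormation syntax) and flags the three patterns named in the report: unrestricted firewall ingress on administrative or database ports, a publicly accessible database, and console access without MFA enforced. A weak template and its corrected counterpart are included side by side.

```python
import ipaddress

# Constructed, simplified template model used only for this example.
# Field names such as "publicly_accessible" and "require_mfa" are assumptions
# of this model, not keys from a real IaC schema.
WEAK_TEMPLATE = [
    {"name": "web-sg", "type": "security_group",
     "ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                 {"port": 443, "cidr": "0.0.0.0/0"}]},
    {"name": "orders-db", "type": "database", "publicly_accessible": True},
    {"name": "console-policy", "type": "console_access_policy", "require_mfa": False},
]

HARDENED_TEMPLATE = [
    {"name": "web-sg", "type": "security_group",
     "ingress": [{"port": 22, "cidr": "10.0.0.0/8"},   # SSH only from the internal range
                 {"port": 443, "cidr": "0.0.0.0/0"}]},  # public HTTPS is the intended exposure
    {"name": "orders-db", "type": "database", "publicly_accessible": False},
    {"name": "console-policy", "type": "console_access_policy", "require_mfa": True},
]

# Ports that should never be reachable from any address: remote admin and
# common database listeners. Public HTTPS on 443 is deliberately not flagged.
SENSITIVE_PORTS = {22, 3389, 1433, 3306, 5432, 6379, 27017}


def is_unrestricted(cidr):
    """True for a CIDR that matches every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_template(resources):
    """Return a list of (resource_name, finding) tuples for the patterns
    the report calls out; an empty list means the template passed."""
    findings = []
    for res in resources:
        kind = res["type"]
        if kind == "security_group":
            for rule in res.get("ingress", []):
                if is_unrestricted(rule["cidr"]) and rule["port"] in SENSITIVE_PORTS:
                    findings.append((res["name"], f"port {rule['port']} open to the world"))
        elif kind == "database" and res.get("publicly_accessible"):
            findings.append((res["name"], "database publicly accessible"))
        elif kind == "console_access_policy" and not res.get("require_mfa"):
            findings.append((res["name"], "MFA not enforced for console users"))
    return findings


if __name__ == "__main__":
    for label, template in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(f"{label}: {check_template(template) or 'no findings'}")
```

Run as a pre-merge check on the template repository, a function like this fails the change that reintroduces the pattern instead of generating the same alert across every workload that template later produces.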

Unpatched vulnerabilities can give attackers a straightforward tactic for gaining initial access to a victim organization’s internal IT environment. Nearly two-thirds of the codebases in production have unpatched vulnerabilities rated as being either high or critical in severity, which can facilitate attackers remotely executing malicious code of their choosing in the environment.

“New vulnerabilities can crop up at any time, and a single vulnerability can be propagated to multitudes of cloud workloads due to software dependency,” Unit 42’s report says. “This underscores the fact that no matter how secure the underlying cloud infrastructure is, vulnerable applications in the cloud open up potential attack vectors.”


