Hunting Down Public Cloud Security Risks

Jason Needham
Sr. Director, Multicloud Security at VMware
Published: Oct. 1, 2019

Today, I’m going to focus on a game changer for cloud security: a new capability that helps you effectively search, visualize, and investigate public cloud security risks. This new module, which we refer to as Explore, is delivered as part of VMware Secure State, a security and compliance solution for multicloud environments. VMware Secure State aims to deliver an integrated approach that helps you improve your cloud security posture and scale operations cost-effectively.

We’re still in the early days of cloud security 

It’s been said many times that you can’t manage what you can’t see. That axiom is certainly true for cloud infrastructure and security. Still, many customers I speak with haven’t armed their security teams with the basic capability needed to discover and understand their cloud infrastructure. Despite the “shared responsibility model”, the company’s side of that responsibility is unclear to many. To keep innovating, service teams are self-policing and taking additional security measures on their own. Unfortunately, most mid-size and larger companies have several security teams with differing cloud practices and controls in place, which only adds to the complexity.

Too often, security analysts are outnumbered in the cloud and left without the visibility or tools needed to keep up with this rapidly automated infrastructure. In part, I believe this is a backlash against the traditional perception that security teams just block agility, ultimately hindering innovation rather than enabling an organization to move quickly and safely. While leading security organizations are adapting their processes and tools, the reality is that cloud security practitioners are struggling to get the access and insights they need in this new world.

As a cloud security professional, there are 3 key steps you must take: 

Step 1: Get the minimum basic access and visibility across your cloud estate needed to do the job.

With the shared responsibility model clearly articulated by each cloud provider, it’s remarkable how many companies haven’t plumbed in visibility into 100% of their cloud estate, even within a single provider. Too many companies that are several years into their cloud journey are in this state! Make no mistake, this isn’t always a simple task, as the number of cloud accounts continues to multiply like bunnies within most companies. Provisioning a new cloud account has become the “environment container” for innovation. New team, new idea? No problem! Here’s a cloud account under our master payer account. Just let me know when you have it working so we can show it to customers. As a result, providing baseline visibility across the cloud estate is an ever-present challenge that must be automated. Do you have 100% visibility into your cloud estate?

Step 2: Automate the detection of dangerous cloud configurations and educate everyone, continuously.  

Any insider who touches cloud infrastructure is capable of making a mistake or having a simple gap in their knowledge of the ever-growing menu of cloud services. New people join the company with a variety of skills. Innovators build new services in new ways that are not well documented or understood. Experiments are quickly torn down and architectures recast with new templates that stamp out new patterns. In fact, Gartner predicts that, through 2020, 95 percent of cloud security failures will be the customer’s fault. To keep up, security owners must leverage cloud-like security automation to complement improvements in cloud infrastructure velocity. It’s not a question of whether tooling is needed! It’s about which tools or approaches will allow you to “take responsibility” in a cost-effective way. Several tools let you look for a set of known best practices or compliance issues in the cloud, but these insights must be rich in context and delivered in real time if organizations hope to sift through the noise and scale security insights without breaking the bank. I’ve had people confess to being afraid of what they will find and worried about taking on this additional work because they can’t keep up. Detecting and responding to issues should be as flexible and quick as creating infrastructure. Is this what DevSecOps means to you?

Step 3: Arm your cloud security owners with the right tools to investigate security risks and threats.

Because of the dynamic nature of cloud resources and the variety of configuration settings, most organizations fail to govern with a one-size-fits-all approach. Even the most DevOps-forward organizations still have security events that the ultimate owner wearing the cloud security hat must investigate. The challenge for many IT organizations is to figure out how to give their traditional security teams the ability to see the broader context of their cloud configurations and bring them forward into this different world of cloud-based infrastructure. Cloud security owners need automated detection and response, but they also need the ability to investigate issues effectively across their cloud landscape, correlate issues, and express security and compliance policies that match their organization’s governance needs. Getting an accurate picture of what’s in your cloud is difficult, but understanding services and security issues in their cloud-native context is even harder.

Introducing Explore: a powerful new way to investigate public cloud security risk 

Today, many information security teams are operating with blind spots, relying on periodic scans that don’t provide cloud-speed visibility and struggling to piece together the information required to respond rapidly to security events and challenges.

Explore is a new capability within VMware’s Secure State platform that allows users to easily search for cloud assets and metadata, investigate relationships between these configured resources, correlate security findings, and search for suspicious activity.

You can begin using Explore with an easy-to-access type-ahead interface that helps you build queries for objects and relationships. You can start the investigation from a simple point of interest, such as an Internet Gateway, and then expand your view to build out a map of connected objects within the account. After all, you may care less about cloud assets that aren’t exposed through a specific internet gateway, so let’s concentrate on only those items.

From simple inventory questions to those centered on an entire set of connected resources, queries can be saved to streamline future investigations against new environments, delivering fast, up-to-date results. Once defined, you can run a query to get back visual maps of how objects are configured together, inspect object settings and metadata, and start navigating object relationships to understand the broader deployment context and evaluate risks.

Explore then lets you add “layers” to your view to quickly visualize and correlate data from a variety of sources. This includes fast access to relevant security information such as cloud configuration vulnerabilities, compliance violations, and associated threat and change events. Explore also surfaces an aggregated, asset-based risk score that factors in security findings and how central each asset is to your cloud deployment.
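To make the workflow above concrete, here is an added illustrative model in Python (my own example, not Secure State’s query language or code): a constructed inventory of AWS-style resources as a directed graph, a breadth-first expansion from an Internet Gateway that returns only the assets exposed through it, a findings layer, and a degree-based stand-in for the centrality-weighted risk score. The last function also shows the saved-query-as-rule idea from the custom rules section; resource names, findings and severity weights are all assumptions.

```python
from collections import deque

# Constructed sample inventory, not data from Secure State or any real account. Directed edges
# follow inbound traffic outward: gateway -> route table with 0.0.0.0/0 -> subnet -> resources.
RELATIONSHIPS = [
    ("igw-1", "rtb-public"),         # default route 0.0.0.0/0 -> igw-1
    ("rtb-public", "subnet-pub"),    # route table association
    ("subnet-pub", "i-web"),
    ("subnet-pub", "nat-1"),         # NAT gateway lives in the public subnet
    ("i-web", "sg-web"),             # security group governing i-web
    ("rtb-private", "subnet-priv"),  # private table routes 0.0.0.0/0 -> nat-1, not the IGW
    ("subnet-priv", "i-db"),
]
# Findings layer (constructed): (description, severity) pairs already attached to assets.
FINDINGS = {
    "sg-web": [("SSH open to 0.0.0.0/0", "high")],
    "i-web": [("IMDSv1 still enabled", "medium")],
    "i-db": [("volume not encrypted", "high")],
}
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 7}

def build_graph(relationships):
    graph = {}
    for src, dst in relationships:
        graph.setdefault(src, []).append(dst)
        graph.setdefault(dst, [])
    return graph

def explore(graph, start):
    """Breadth-first expansion from a point of interest; returns {asset: hops from start}."""
    hops, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in hops:
                hops[nxt] = hops[node] + 1
                queue.append(nxt)
    return hops

def risk_scores(graph, assets, findings):
    """Summed finding severities, scaled by degree as a simple stand-in for centrality."""
    scores = {}
    for asset in assets:
        base = sum(SEVERITY_WEIGHT[sev] for _, sev in findings.get(asset, []))
        degree = len(graph[asset]) + sum(asset in targets for targets in graph.values())
        scores[asset] = base * (1 + degree)
    return scores

def rule_exposed_high(graph, findings, gateway="igw-1"):
    """A saved query as a rule: assets reachable from the gateway that carry a high finding."""
    return sorted(a for a in explore(graph, gateway)
                  if any(sev == "high" for _, sev in findings.get(a, [])))
```

Running `explore(build_graph(RELATIONSHIPS), "igw-1")` leaves `i-db` out of the map entirely, because nothing routes internet traffic into the private subnet, while `sg-web` scores highest among the exposed assets.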

From Explore, users can drill into the details to take action, suppress findings, report issues, and share them with team members for follow-up.

Creating custom rules to automate detection across clouds 

The VMware Secure State platform ships with hundreds of predefined rules that codify provider-specific best practices, cloud-native security, and compliance checks. However, many organizations need to define custom rules to meet their unique business governance needs or to target rules specific to their application deployment.

The custom rules capability builds upon Explore, enabling you to define new rules that extend your organization’s security and compliance policies beyond those addressed by our growing list of native platform rules. You can define a new custom rule either by modifying a native rule or by saving a new Explore query to continuously monitor your cloud’s security and compliance posture.

Wrapping up 

Getting visibility and the right tools to quickly detect and understand issues is an important prerequisite for good cloud security. To learn more about VMware Secure State or request a free trial, visit https://go.cloudhealthtech.com/vmware-secure-state