Continuous Intelligence Needed to Parry New Cyber Threats

As businesses move to the cloud and cloud-native development, new security threats have emerged, and complexity often grows. As a result, traditional approaches to security break down. Increasingly, what’s needed is a security solution that aggregates events and streaming data from a plethora of sensors, point solutions, and more and derives continuous intelligence on this data. Such insights from this analysis can then be used to complement the work of security staff by prioritizing alerts and automating remediation processes.

Several studies help put the new risks and complexity challenges into perspective.

New vulnerabilities and complexity slow remediation

The recently published 2021 X-Force Cloud Security Threat Landscape Report found that two out of three breaches of cloud environments were caused by improperly configured APIs. The study also found that many virtual machines were left with default security settings, misconfigured platforms, and insufficiently enforced network controls. Additionally, the study found password and policy violations, such as unchanged default credentials, weak passwords, and shadow IT in 100% of cloud penetration tests conducted over the past year.

The main takeaway from the report isn’t that enterprises aren’t doing the basics, but rather that as they try to, they’re “crashing into a complexity wall that they inadvertently built around their business.” Exasperating this issue is the fact that businesses have been bolting one security tool on top of another for years, creating a hard-to-manage environment. Such conditions make it much harder to monitor for real-time threats and nearly impossible to find the root cause of problems and quickly automate a remediation response.

See also: Continuous Intelligence Insights

Increased use of open-source is an additional security factor

Other studies have found similarly problematic issues that require new approaches to application security.

For example, open-source software and components have been widely used for many years. A 2016 state of the software supply chain found that 80% to 90% of typical applications contain open-source components. Today, the percent must be in the same range or higher given the growing reliance on open-source elements in many modern applications. Developers routinely create applications that use open source for the OS, media player, programing language (e.g., Python), analytics engines, databases, and more.

The security implications of reliance on open source were highlighted in a report last year by the Laboratory for Innovation Science at Harvard and The Linux Foundation. The report noted the need for an “understanding and addressing of the security complexities in the modern-day software supply chain where open source is pervasive, but not always understood.” It noted that it is difficult to fully understand the security of open-source software because “by design, it is distributed in nature, so there is no central authority to ensure quality and maintenance,” and it can be freely copied and modified.

A Working Knowledge article from the Harvard Business School detailed some of the findings of the study. It noted one of the main security issues is related to legacy code. The study noted that outdated legacy code often remains in production even though improved code has been introduced. This can happen when the newer code has not yet overtaken its predecessor in terms of sheer usage. “Without this awareness,” the report reads, “and especially without processes and procedures in place to address the risks created by legacy [open-source software], organizations open themselves up to the possibility of hard-to-detect issues within their software bases.”

These or any other security vulnerabilities in any element of a distributed and loosely coupled cloud-native application could be exploited. If that were to occur, the application as a whole could be at risk.

How continuous intelligence can help

Continuous intelligence in a security information and event management (SIEM) role can help identify gaps in the security infrastructure that humans may not detect. That includes rapid response to attacks, coverage across a distributed computing environment, and the ability to deal with inputs from varied niche tools.

Used in this manner, continuous intelligence can offer a unified view of many diverse systems. And it helps to bring some level of simplicity to the complexity that continually grows in organizations today.