Today’s complex, cloud-based application development and deployment environments need SOAR (security orchestration, automation, and response) technologies to define incident analysis and response procedures.
The rapid pace of digital transformation and cloud adoption adds complexity to today’s cyber security environment. Increasingly, security teams lack the actionable information needed to spot vulnerabilities and attacks in the making, or to act on them. What’s needed is a security solution based on SOAR (security orchestration, automation, and response) technologies that allows an organization to define incident analysis and response procedures in a digital workflow format.
Scope of the situation
The use of cloud technology is exploding in the enterprise. Gartner predicts 70% of all enterprise workloads will be deployed in the cloud by 2023, up from 40% in 2020. This makes cloud deployments an attractive target for malicious actors.
Another factor contributing to the problem is that over the years, businesses have added more and more tools to manage and observe their infrastructure and application environments. Many of these tools are single-purpose and do not work well together. This has made it much harder to spot threats across an entire digital infrastructure.
Combined, these issues (rapid move to cloud plus the increased complexity of application deployment environments plus the use of a plethora of siloed tools) make it all the more difficult to protect against today’s cyber threats.
The recent 2021 X-Force Cloud Security Threat Landscape Report highlights the scope of the attacks and the challenge to defend against them. One major theme from the findings is that cloud environments need to be better secured.
The report found that cloud vulnerabilities surged. “Almost half of the more than 2,500 disclosed cloud-related vulnerabilities recorded to date were disclosed in the last 18 months. This steep growth emphasizes the importance of closely managing this growing risk as more vulnerabilities are exposed.”
Additionally, the report found a “thriving dark web market exists for public cloud access, with advertisements for tens of thousands of cloud accounts and resources for sale. In 71% of cases, threat actors offered Remote Desktop Protocol (RDP) access to cloud resources, enabling attackers to have direct access and conduct malicious activity. In some cases, account credentials to access cloud environments were being sold for a few dollars.”
Lax protection practices contribute to the problem. In 100% of X-Force Red penetration tests of cloud environments, the researchers found issues with either passwords or policies.
How SOAR helps
Many businesses use a variety of security solutions, including vulnerability scanners, endpoint protection products, firewalls, intrusion detection and intrusion prevention systems, SIEM platforms, as well as external threat intelligence feeds.
The data and alerts from these systems offer a way to detect threats as they are emerging and then take action. The problem is that the volume of data and alerts makes it hard to integrate information and understand what’s happening. Those responsible for protecting the company from cyber threats must quickly assimilate all of that data, derive insights into looming threats in real time, and instantly take action. Increasingly, the way to accomplish that is by using SOAR (security orchestration, automation, and response).
One of SOAR’s biggest strengths is its ability to apply automation to security operations (SecOps). Tasks previously performed by SecOps staff, such as vulnerability scanning, log analysis, and ticket checking, can now be executed automatically by a SOAR platform. In addition, artificial intelligence (AI) and machine learning can be applied to derive insights. Furthermore, SOAR solutions are often used to escalate threats when human intervention is needed, make action recommendations, and automate responses. They use continuous intelligence to derive real-time insights upon which a company can base its response to a threat.
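To make the orchestration described above concrete, here is a small added example (not code from the article or from any SOAR vendor) of a playbook that normalizes alerts from three hypothetical tools (a SIEM, an EDR agent and a vulnerability scanner), correlates them per host against a constructed threat-intel list, and then decides whether to auto-contain, escalate to an analyst, or just open a ticket. Every tool schema, host name, IP address and indicator in it is constructed sample data.

```python
"""Minimal SOAR-style playbook (added example, not the article's or any vendor's code): correlate
alerts from siloed tools, then auto-contain, escalate, or ticket. All data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed threat-intel feed (hypothetical): sources seen abusing exposed RDP.
THREAT_INTEL_IPS = {"203.0.113.7", "198.51.100.42"}

@dataclass
class Alert:
    source: str            # tool that raised it: siem, edr or scanner
    host: str              # affected cloud host
    kind: str              # normalized alert type
    src_ip: Optional[str]  # remote address, if the tool records one
    severity: int          # 1 (low) .. 5 (critical)

def normalize(raw: dict) -> Alert:
    """Map each tool's own (hypothetical) schema onto the common Alert shape."""
    if raw["tool"] == "siem":
        return Alert("siem", raw["hostname"], raw["rule"], raw.get("src"), raw["sev"])
    if raw["tool"] == "edr":  # EDR scores 0-100; bucket into 1..5
        return Alert("edr", raw["device"], raw["detection"], None, max(1, raw["score"] // 20))
    if raw["tool"] == "scanner":
        return Alert("scanner", raw["asset"], "vuln:" + raw["finding"], None, raw["severity"])
    raise ValueError(f"unknown tool: {raw['tool']}")

def run_playbook(raw_alerts: List[dict]) -> Dict[str, str]:
    """Group alerts per host and apply the response rules in priority order."""
    by_host: Dict[str, List[Alert]] = defaultdict(list)
    for alert in map(normalize, raw_alerts):
        by_host[alert.host].append(alert)
    decisions = {}
    for host, alerts in by_host.items():
        kinds = {a.kind for a in alerts}
        hostile_ip = any(a.src_ip in THREAT_INTEL_IPS for a in alerts)
        if "rdp_login" in kinds and hostile_ip and any(a.source == "edr" for a in alerts):
            decisions[host] = "auto-contain"          # two tools plus intel agree: act without a human
        elif max(a.severity for a in alerts) >= 4:
            decisions[host] = "escalate-to-analyst"   # serious but unconfirmed: a human decides
        else:
            decisions[host] = "open-ticket"           # low severity: track it, page nobody
    return decisions

SAMPLE_ALERTS = [  # constructed alerts from three hypothetical tools
    {"tool": "siem", "hostname": "web-01", "rule": "rdp_login", "src": "203.0.113.7", "sev": 3},
    {"tool": "edr", "device": "web-01", "detection": "credential_dump", "score": 85},
    {"tool": "scanner", "asset": "db-02", "finding": "weak_password_policy", "severity": 4},
    {"tool": "siem", "hostname": "app-03", "rule": "failed_login_burst", "src": "192.0.2.9", "sev": 2},
]
```

Note that the SIEM alert for web-01 on its own only opens a ticket; it is the corroboration from a second tool plus the intel match that lets the playbook act without waiting for an analyst.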