Cloud / July 27, 2018

Threat Vectors in the Public Cloud – Challenges that Face Security Teams Today

The major cloud service providers today represent hundreds of data centers worldwide. This means that organizations are leveraging millions of IP addresses, compute instances and a variety of on-demand services, all available through just a few clicks of the mouse. The result? Enterprises can take advantage of innovation and scale. The downside? Security challenges – because security risks in the on-premises world are still prevalent in the public cloud.

Let’s Look at the Types of Attacks We Are Seeing in Public Cloud Environments

Phishing and spear phishing attacks occur when users click on a link and expose network credentials to hackers, leading to a breach, data exfiltration or unknown cloud infrastructure usage.

Typically, enterprises deploy a cloud infrastructure that spans multiple regions and accounts. Microsoft Azure, for example, supports more than 50 regions across over 150 countries! Enforcing security policies for such a distributed infrastructure is challenging. If there is inconsistency in security configurations, the organization’s security posture is weak, resulting in attacks and/or compromise.

Many enterprises also leverage cloud-native security groups to allow traffic on the ports they need, but attacks can still arrive at the application layer over those permitted ports, potentially leading to malware or data exfiltration.

So Why Not Deploy the Same Security Posture On-Premises and in the Cloud?

In the on-premises world, enterprises create chokepoints where traffic is consolidated entering or exiting the data center. Keep in mind, however, that unmonitored traffic can enter from multiple endpoints – cell phones or laptops, for example. That’s why enterprises deploy multiple layers of security defense, such as:

  • Firewalls.
  • Endpoint protection.
  • Intrusion Prevention Systems (IPS).
  • Intrusion Detection Systems (IDS).
  • Advanced Persistent Threat (APT) protection.

In the public cloud, organizations typically rely on cloud-native services such as identity and access management, security groups and logs, all of which have limitations in terms of application context and overall network traffic visibility.

So why not deploy the same security tools and solutions? Many enterprises feel that a higher level of security is unnecessary because they are not yet deploying mission-critical workloads in the public cloud. Many also believe that the cloud services themselves are responsible for protecting their workloads. As a result, they feel that cloud-native is “good enough” and that they are “safe enough” for now.

On the other hand, without proper insight into cloud infrastructure, organizations risk their reputation, brand and customer base, and can be forced to pay large fines and fees if they break compliance or regulatory standards.

GigaSECURE Cloud

True network traffic visibility is key to providing the necessary insights to effectively assess a cloud environment for threats. GigaSECURE® Cloud enables organizations to collect aggregated traffic — at the packet level — apply advanced traffic intelligence policies and send selected traffic to security tools regardless of where they are located.

Gigamon is pleased to announce that GigaSECURE Cloud supports agent pre-filtering at no additional cost, which whitelists or blacklists traffic of interest prior to sending it to the GigaVUE® V Series to reduce application and data egress costs. With GigaSECURE Cloud, organizations can leverage the same security posture in the public cloud as on-premises, while reducing costs throughout their environments.

GigaSECURE Cloud currently supports both Amazon Web Services and Microsoft Azure.

Try our AWS test drive or Azure test drive today to see how easy it is to deploy, configure and manage the platform.
