Survival of the fastest

The move to cloud is by now irrevocable, but many organisations – as mentioned in countless research notes and surveys – have still to come to grips with security concerns and expertise.

Yassin Watlal, a systems engineer manager at cyber security company CrowdStrike, says the benefits of cloud are by now well known, particularly among ‘digitally native’ organisations, ones that were built to scale quickly from the beginning.

Speaking at ITWeb’s Security Summit this week, he says there are rewards to be reaped for older companies as they seek to stay competitive.

Cloud allows businesses to enjoy agility, elasticity and scale, he says, mentioning the example of the Pokemon Go game, which saw 50 million downloads in 19 days, and 500 million in two months. “There’s no way you can have an administrator running around like a headless chicken and spinning up servers.”

He says while more and more businesses understand the value of shifting their servers to the cloud, they are less sure about the impact on security, which, in turn, has led to an increased number of cloud breaches. These are often owing to misconfiguration, which typically would not have happened if the data had been hosted locally.

Still, there are some that are struggling to begin the migration journey, such as the US federal government, which he says spends 75% of its budget on legacy IT, driven in part by ‘that’s the way it’s always been done’.

Endpoints, too, are shifting to disparate clouds, virtual machines or containers. This poses challenges of visibility.

Legacy cyber tech is also past its sell-by-date. He says there are new attacks, for which organisations need a new approach, some of which include EDR, threat hunting and Security-as-a-Service.

He says while five years ago criminals may have used ‘noisy malware’, sophisticated tools from nation states are now finding their way into the ecosystem.

Endpoints are also under continued attack, which come in a number of variants. This, says Watlal, requires a number of responses.

How to fight back?

A first step is realising the value of gathering intelligence that will inform the prioritisation of threats in a security strategy. “We can’t be running around and fixing things that really don’t matter.” Increasing the use of red teams and penetration testing may also help. It is also important to measure the effectiveness and resilience of a security programme. “Cyberattacks are there…am I confident that my network is clean and the business can go back to what it was?”

Watlal also introduces the concept of ‘survival of the fastest’.

“When they get in through the open door, they’ll be super-fast, and we need to block the threats as soon as possible. Speed is critical, especially in the first stages of the attack.” This is even more important if infrastructure and data are cloud hosted, or partly hosted there.

Laggards will also find it more difficult to contain the threat, and the last thing organisations will want is for attackers to reach servers or services in their environment. Hackers will first gain access and then execute the attack, after which they’ll escalate their privileges and gain access to credentials, and only then will they move laterally through the network. At each step, they’re vulnerable and each of these steps provides an opportunity to shut them out. As a general rule, organisations should aim to detect the attack in at least a minute, mount an investigation lasting not longer than 10, and respond within the hour.

Watlal also has some advice, including proper security hygiene such as user awareness, asset management and multi-factor authentication. To merely block malware is to miss the point and he urges organisations to make use of endpoint telemetry to respond quicker; in other words, speed is of the essence.