The network is the new battlefront in cybersecurity. Attackers continue to increase their attacks on cloud-based networks, targeting applications, cloud-based servers, containers, cloud workloads, and more. As a result, databases are being exposed, data breaches are on the rise, and threat actors are deploying more APT and ransomware attacks.
Hackers know cloud security is still relatively nascent and are trying to capitalize on a vulnerable area that nearly all organizations have. Gartner® estimates that, “by 2025, cloud-native platforms will serve as the foundation for more than 95% of new digital initiatives — up from less than 40% in 2021.” ¹ Many of these cloud workloads run on Linux, giving hackers a clear target and a single operating system to develop exploits for.
Many organizations are trying to address these new security gaps by investing in cloud workload security (CWS) technology. But finding the right technology, one that provides the right combination of protection layers, is key to ensuring that vulnerabilities and critical security gaps are actually addressed.
To effectively combat this increased risk, we recommend cloud workload security that incorporates Network Attack Defense (NAD) capabilities that include Linux protection. Here’s why it’s so important.
The threats and consequences the cloud faces
The cloud is facing a barrage of threats that keeps rising as more companies adopt the cloud across multiple areas of their business. Cloud-based vendors are providing key infrastructure services, and SaaS applications and providers are increasingly used in place of in-house and on-premises services.
As a result, hackers don’t need to embed themselves so deeply in order to infiltrate an organization. They can start with the cloud. Brute force attacks, credential stuffing, and account takeover attacks have never been higher. The number of cloud-based attacks reached 3.1M in 2020, and data breaches reached an all-time high in 2021.
Across cloud workloads, many VM instances and Linux distributions lack the right security options, leaving organizations that haven’t invested in the right security tools as open targets. Our experts estimate that 75% of attacks on many of these assets and services happen over the network.
Successful attacks can lead to a whole host of different issues, including data leaks and breaches, ransomware, and APT attacks like cryptojacking. On cloud workloads, this can significantly affect productivity and output, resulting in a loss of business processes and, potentially, business continuity. In worst-case scenarios, a company suffers a major ransomware infection or its most sensitive data ends up exposed.
What is NAD and why isn’t traditional network security enough?
Network Attack Defense refers to a security capability found in cloud workload security and network security tools. An organization’s attack surface has grown too large as a result of the cloud, and without these kinds of security controls and capabilities, your organization and infrastructure are exposed.
Traditional network security often includes security controls like a WAF, configuration management, or even native public cloud controls. AWS, for example, lets you set rules at the instance level that block access based on identity and specific security groups.
However, these are only preventative measures and don’t take into account how attackers actually behave. Traditional network security controls try to stop an attacker from getting in, but do little to prevent further damage and a more devastating attack once an attacker is inside.
Network Attack Defense automatically hardens the attack surface by detecting and preventing the most common attack vectors malicious actors leverage today. It provides post-intrusion defense that can prevent attackers from reaching deeper parts of an organization’s network, while improving detection capabilities in order to push an attacker out. This technology can also prevent data exfiltration and lateral movement across a network, significantly limiting an attacker’s ability to do damage.
Why NAD is a necessary component of CWS
Too many organizations leave themselves exposed even when investing in cloud workload security. They stop at preventative and cloud-native measures that try to stop an attacker from entering a network, rather than implementing technology that will prevent further damage post-intrusion.
This results in a network that is protected only by authentication, rule-based access, and identity and access management controls. If an attacker finds their way in, the organization is left completely susceptible.
Cloud-native controls, for example, can prevent unauthorized users from accessing an organization’s cloud. But with the proliferation of brute force attacks, organizations have to prepare for the very real scenario that credentials or access are compromised. In 2020, brute force attacks increased from 13% to 31%, and one firm discovered a weekly increase of over 600% in June 2021.
If an attacker successfully compromises access to an account, those cloud-native controls won’t do much.
Many CWS solutions also fail to address the OS that’s most often targeted and exploited: Linux. Hackers are very much aware that 90% of the public cloud runs on Linux and target and exploit cloud workloads accordingly. By not accounting for Linux, organizations leave themselves wide open to most of the attacks targeting cloud workloads today.
Having NAD that covers Linux as part of your overall network and cloud-based security is essential. This is a hardening capability that covers the most critical areas of vulnerability by protecting sensitive modules, directly protects against the most common attack vectors, and detects, prevents, and limits attackers even after they’ve entered a network.
When looking for a CWS solution, a Linux-based NAD capability must be part of the core offering. This shouldn’t be an add-on or an additional capability an organization has to purchase separately; it’s a necessary element to ensure your cloud is protected.
Learn more about Bitdefender’s Network Attack Defense capabilities.
Gartner® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
¹Gartner, Top Strategic Technology Trends for 2022: Cloud-Native Platforms.