This article first appeared in Infoworld.com.
In my last article, I discussed threats that wreak havoc on data centers and why even relatively simple attacks can cause loads of issues for companies. Today, the threats that organizations face are only increasing in severity and frequency. During the first few months of 2017, mobile ransomware rose over 250 percent, according to Kaspersky Lab. Additionally, GoldenEye, the new strain of the Petya ransomware, took the world by storm earlier this summer.
These examples are proof that attacks are getting smarter, enterprises are leaving themselves vulnerable and threat actors are doing more damage than good, at least in some instances. It’s time to challenge conventional wisdom. The traditional VM environment and reactive tactics, where anything on the VM requires constant monitoring, aren’t working anymore.
Is cloud-native security really that different? Is it a must-have? I’d argue yes. Cloud-native is the next evolution for security in the enterprise, because it gives every organization the ability to use the same tools and processes that modern fast-moving organizations, such as Airbnb, Google and Facebook, do. It’s a rethinking of IT, and a cultural shift more than a technological one.
Here are just three features of cloud-native cybersecurity that demonstrate those key differences, and how it can more effectively keep your company safe.
Cloud-native security allows more control
Both traditional VM security and cloud-native security can protect against hackers attempting to connect to your servers. However, cloud-native security can do more. Because the network patterns used by microservices are much more specific and precise, it is far easier to create predictive models using machine learning. For traditional VMs, multiple flows run in parallel and it’s much more difficult to create and maintain rules that precisely capture the full range of allowable traffic.
Cloud-native security prevents middleware hacking
One of the techniques used by hackers is to find “left behind” services that are in data centers, and use them and their escalated privileges. Cloud-native computing is helpful in this case, as there are very few “accidental” or “left behind” services.
Here, cloud ‒ and more specifically, cloud-native ‒ security is helpful in mapping your entire data center, and mapping exactly which elements are running and exposed. The fact that traditional VM security involves trusting IT people to not leave behind semi-exposed services helps cloud-native security shine in this scenario. As your app evolves and changes, or even if it doesn’t change and is left abandoned, cloud-native security continually protects it as it moves around the data center, scales up, or scales down. Cloud-native security eliminates the risk of security breaches caused by human error.
Cloud-native security blocks ransomware attacks
Cloud-native cybersecurity can help mitigate ransomware attacks. When a breach occurs, you often don’t know you’ve been hit, but within seconds a virus could silently begin encrypting files accessible via your network. Later on, when the encryption is complete, the ransom note will be sent.
Machine learning techniques employed by cloud computing solutions enable organizations to track normal and abnormal behavior, which is a powerful tool for detecting threats. You can whitelist elements at the host or microservice level and block actions or put alerts on them, giving you the ability to check the environment quickly if something out of the ordinary takes place.
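To make the contrast between host-level and microservice-level baselines concrete, here is an added example (not from the original article or from Twistlock) that uses a plain learned allowlist in place of the machine-learning models mentioned above. All host, service and destination names are hypothetical, and the flows are constructed sample data.

```python
from collections import defaultdict, namedtuple

Flow = namedtuple("Flow", "host service dest port")

# Constructed learning-window traffic (hypothetical names, not real telemetry).
# One traditional VM, "vm1", runs three workloads side by side.
LEARNING_WINDOW = [
    Flow("vm1", "checkout", "payments-db", 5432),
    Flow("vm1", "checkout", "auth", 443),
    Flow("vm1", "reports", "payments-db", 5432),
    Flow("vm1", "backup-agent", "fileshare", 445),
]

def by_host(flow):
    """Scope a baseline to the whole VM (all workloads merged)."""
    return flow.host

def by_service(flow):
    """Scope a baseline to a single microservice."""
    return flow.service

def learn(flows, scope):
    """Return {scope(flow): {(dest, port), ...}} observed during learning."""
    model = defaultdict(set)
    for flow in flows:
        model[scope(flow)].add((flow.dest, flow.port))
    return dict(model)

def evaluate(model, scope, flow, enforce=False):
    """'allow' if the flow is in the learned allowlist, else 'block' or 'alert'."""
    if (flow.dest, flow.port) in model.get(scope(flow), set()):
        return "allow"
    return "block" if enforce else "alert"

HOST_MODEL = learn(LEARNING_WINDOW, by_host)
SERVICE_MODEL = learn(LEARNING_WINDOW, by_service)

# Constructed anomaly: the checkout service starts talking SMB to the file
# share, the kind of access needed to encrypt network-reachable files.
SUSPECT = Flow("vm1", "checkout", "fileshare", 445)

if __name__ == "__main__":
    print("host-level model:        ", evaluate(HOST_MODEL, by_host, SUSPECT))
    print("service-level model:     ", evaluate(SERVICE_MODEL, by_service, SUSPECT))
    print("service-level, enforcing:", evaluate(SERVICE_MODEL, by_service, SUSPECT, enforce=True))
```

The host-level baseline allows the suspect flow because another workload on the same VM legitimately uses the file share, while the per-service baseline flags it.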
Cloud-native security helps you and your organization build a more secure, robust and, most importantly, flexible IT architecture. Cloud-native solutions can grow with the business, help block threats more quickly and reduce risk in an increasingly risk-filled enterprise environment.