Why aren’t more organizations practicing proactive security?

It’s not because cyber-attacks aren’t worth worrying about. The damage caused by cyber-attacks is projected to hit $6 trillion annually by 2021, and those are only the direct costs. The intangible damage caused by cybersecurity attacks is even worse in many respects. Organizations lose their reputations, and according to research, 66% of SMBs shut down because of data breaches.

The reasons why organizations fail to be proactive about security despite the high cost of cyber-attacks are complex. This article explores the reasons and offers tips for overcoming the barriers that typically prevent companies from practicing proactive security.

Recent cyber-attacks

Cybersecurity attacks are becoming more common and more sophisticated by the day. Most organizations have the most common types of attacks on their radar.

[Figure omitted. Source: Dzone]

Attackers don’t spare any organization, no matter what the size. We’ve seen examples of hackers attacking government agencies like the FBI, and stealing 30GB of confidential data using an employee’s login credentials, and IRS apps compromised because of weak security with partner organizations. Even the largest web companies like Yahoo and LinkedIn are not safe from these attacks.

Applications that have not been secured adequately are prime targets for attackers. For example, a database with over 10 years’ worth of voters’ details was left accessible on the public Internet. Deep Root Analytics, the company that owned this data, didn’t secure it well enough while storing it on AWS S3—a common security error.

And every few days, there are news reports about a new ransomware attack.

[Figure omitted. Source: Proofpoint.com]

Some of the more prominent ransomware attacks of 2017 are WannaCry, Petya, and Locky. All of them targeted Microsoft Windows systems. They even managed to reduce the UK’s National Health Service (NHS) to running only its most critical services for patients.

Some attacks, like ransomware, are aimed at making money off of end users. However, others are politically motivated. For example, there was a data leak of 20,000 emails just two days prior to the French election, aimed at preventing Emmanuel Macron from becoming President. Government agencies are prime targets for attackers because of the valuable information they possess, and their outdated approaches towards application security.

Tepid response from organizations

Despite the large number of attacks, the response from affected organizations is not always one of urgency. In fact, one survey shows that 52% of compromised organizations have no plans to further secure their systems.

[Figure omitted. Source: Barkly.com]

Further, 45% of compromised organizations plan no increase to their security budget despite the attacks they’ve suffered.

[Figure omitted. Source: Barkly.com]

The reasons for this lack of urgency are numerous, but what’s required is a proactive effort to secure systems end-to-end. This is easier said than done, as the technological landscape has undergone a massive shift in recent years with the advent of new paradigms of computing, like containers, microservices, and serverless computing. With these changes, there’s a new approach to security that also requires a new breed of security tools.

What proactive security looks like

Proactive security takes into account distributed and dynamic systems that are powered by containers.

Understand the different layers of a containerized app

The modern container stack isn’t as simple as a traditional client-server application. A containerized app has several layers: the kernel and operating system, networking, container images, and container orchestration. Each of these components needs to be secured differently. Kernel security relies on Linux core security features like namespaces, cgroups, Seccomp, AppArmor, and SELinux. The networking layer requires a policy-based approach, where every container has its own firewall and is isolated from neighboring containers. Container images need to be scanned for common vulnerabilities as frequently as possible, and only official container images from known vendors should be allowed into the system. Orchestration tools like Kubernetes and Docker Swarm have their own features for managing secret information like passwords, access codes, and tokens, protected with encryption keys. All of this together is overwhelming, and can’t be implemented with traditional security tools. It takes a completely new breed of container security tools, and the next level of automation to implement them.
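As an added illustration (not from the original post, and not Twistlock's product configuration), here is one Kubernetes manifest that applies a control at each of the layers just described; the namespace, labels, Secret name and image reference are assumed placeholders:

```yaml
# Added example (not the post's own); names, labels and image reference are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: shop
  labels: {app: web}
spec:
  securityContext:
    runAsNonRoot: true        # kernel/OS layer: the process never runs as uid 0
    seccompProfile:
      type: RuntimeDefault    # kernel layer: the runtime's default seccomp syscall filter
  containers:
  - name: web
    # image layer: official image from a known registry, pinned by digest so the
    # artifact that was scanned is exactly the one that runs (digest is a placeholder)
    image: registry.example.com/vendor/web@sha256:PLACEHOLDER_DIGEST
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    env:
    - name: API_TOKEN         # orchestration layer: value comes from a Secret, not the image
      valueFrom:
        secretKeyRef: {name: web-api-token, key: token}
---
# networking layer: deny all traffic in the namespace, then allow only what is needed
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: shop
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-gateway-to-web
  namespace: shop
spec:
  podSelector:
    matchLabels: {app: web}
  ingress:
  - from:
    - podSelector: {matchLabels: {app: ingress-gateway}}
    ports:
    - {protocol: TCP, port: 8080}
```

The default-deny policy also blocks the pod's egress, so DNS and any required outbound calls need their own allow rule, and NetworkPolicy objects are only enforced when the cluster's network plugin supports them.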

Use modern security tools across the pipeline

Traditional server-centric security tools are outdated for today’s cloud-native applications. At each stage, there’s a need for a modern toolchain that suits the workflow of various teams. For Ops teams, an incident management tool like PagerDuty, and a robust logging solution like Sumo Logic are essential. For QA, a test automation tool like Selenium that can automate security testing is required, along with a CI server like Jenkins. For development, quick feedback from Ops and QA brings deep visibility. This can be achieved with tools like Slack and Jira. These tools should be integrated with each other so that the security experience is unified and simplified.

The next level of security automation

While the above tools help to automate specific tasks across the SDLC, you need a dedicated container security tool like Twistlock that can provide end-to-end threat detection at runtime, which none of the other tools can. Tools like Twistlock are built with containers in mind, and include many features that enable automation that was not possible before. Twistlock’s new features, the Cloud Native App Firewall (CNAF) and Cloud Native Network Firewall (CNNF), are great examples of automation that is specific to containers.

CNAF scans all incoming traffic to containers, and automatically rejects traffic from suspicious sources like Tor, botnets, and malware. It does this at scale over a large number of containers and huge spikes of traffic by leveraging machine learning. Additionally, if any container happens to be compromised, CNNF automatically restricts its access to neighboring containers. This type of automated, scalable, policy-based security is what’s required for modern containerized applications.

Conclusion

Security is a never-ending game of cat and mouse—attackers never rest. As cyber-attacks grow in number and complexity, the damage they cause is real. Many organizations overlook security because it’s a complex problem to solve. To better secure modern applications, you need to understand what security means for each new layer of the application stack, recognize that you need a modern security toolset across the development pipeline, and take container security automation to the next level with features like CNAF and CNNF from Twistlock.
