The term “zero-day” can cause a normal day at any company to go from zero to sixty right quick. Every security person knows you’re probably vulnerable somewhere within your infrastructure, and finding everywhere that is can be nearly impossible.
That’s not just speculation, according to a new study we sponsored with ESG Research. In fact, 42% of organizations reported an attack on their hybrid cloud environment in the last year, with 28% pointing to a zero-day exploit as the origin. The study, called ESG Research, Trends in Hybrid Cloud Security Survey, surveyed 450 IT/information security professionals in North America and Western Europe on their challenges, readiness, and intentions regarding hybrid cloud environments and containers. For us, the report reinforced three major data points: 1) container adoption is still gaining serious momentum, 2) zero-day attacks are a huge issue in hybrid-cloud environments, and 3) current security solutions on the market are not able to effectively secure 1 from 2.
The race to containers is picking up serious momentum, with more than half (56%) of those surveyed already having deployed containerized production applications and 80% indicating they would have them in production in the next 12-24 months. Container adoption is fundamentally changing the face of infrastructure, but legacy infrastructure isn’t going anywhere for a while, so any security strategy is going to have to cover both container and legacy environments, and that has not been an easy task.
Why? Hybrid cloud environments are complex to secure for some of the very reasons they are appealing. You have multiple users accessing multiple environments from multiple locations. From a security perspective, this leads to a mélange of security approaches being cobbled together: on-premises and in the cloud, as well as internally owned and outsourced. And as infrastructure composition shifts to cloud-resident workloads and containerized apps, the complexity grows.
Not surprisingly, these complex environments are also big targets for attackers. In addition to the zero-day attacks mentioned above, which were most prevalent, companies also noted exploits that take advantage of known vulnerabilities in unpatched applications (27%), misuse of a privileged account by an inside employee (26%), exploits taking advantage of known vulnerabilities in unpatched operating systems (21%), and the misuse of a privileged account via stolen credentials (19%). Misconfigured cloud services, workloads, or network security controls that led to a successful compromise by a bad actor were also mentioned (20%), as was malware that moved laterally and infected a server workload (21%).
But whether we’re talking about these zero-day attacks or even recent vulnerabilities such as Spectre and Meltdown, it’s clear we are stuck in a never-ending arms race with attackers. And when it comes to effectively securing these new hybrid-cloud environments in particular, current solutions are not up to snuff. We already know security appliances aren’t the answer, and 35% of those surveyed noted that their current server workload security solution does not support or offer the same functionality for containers, requiring that they use a separate container security solution, which adds cost and complexity.
In fact, the vast majority of companies (70%) are using separate controls for public cloud-based resources and for on-premises VMs and servers, leaving only 30% using unified controls. This is projected to completely reverse in the next 24 months, with 70% focusing on unified controls for all server workload types across public cloud(s) and on-premises resources.
So the answer is a unified solution that can detect all types of attacks on all types of environments. Got it. The problems are certainly complex, and the solutions will have to be just as sophisticated. As the world of containers gains momentum, so will the pace and variety of attacks trying to defeat them. We’ll continue to address this new state of security for next-gen infrastructure in some upcoming posts, so stay tuned!
Photo: Yuri Samoilov under Creative Commons
Capsule8 is defining modern enterprise protection by providing detection and response for Linux infrastructure in any environment. Capsule8 provides host-based detection and investigatory data for incident response with ongoing support. Unlike anyone else, Capsule8 mitigates the financial, scalability, and reliability limitations of protecting your Linux infrastructure.