Remember that panicked phone call? That cascade of urgent emails and Slack messages? What about those war rooms and the screaming urgency to create YAML files to be uploaded to a system that was already down? Yeah, that. I’d like to avoid that in the future if I could.

Cloud attacks require a fast response
In modern cloud environments things move very fast. An attack can take a system down and turn into a data breach in very little time, and detecting and containing the problem takes time we don't have. Too many organizations operate with static, disparate reporting systems for their IaaS estate. But suppose you do get an alert that something is wrong. What then? Someone has to write a YAML file and apply it to the IaaS environment to fix the problem. By the time that happens, microservices across your environment have been compromised and the blast radius of the attack is huge.

Dynamic IaaS environments
What if we could turn the high-speed, dynamic nature of a cloud environment into a security advantage? These systems are already designed to operate elastically, scaling up and down to accommodate changing volumes of traffic. A security approach that detects attacks and then uses that same elasticity to isolate the attack and self-heal the system is possible.

You already operate a system that can automatically spin containers and services up and down from predefined images to meet changing demand. It can already route traffic to new containers when you need them and stop sending traffic to containers you no longer need. It can already create and remove links between services and delete or move data in response to user and service activity.

Automate protection to be responsive
By marrying security detection, runtime monitoring, automation, and policy-driven responses in a cloud native application protection platform, you could set your IaaS applications to self-heal in the face of an attack. You could automatically isolate and replace compromised resources to block a persistent attack, or at least buy time against it.

What if you had a unified protection platform that:

  • Continuously monitors traffic, sensitive data, and security posture in running applications
  • Learns normal traffic and configuration patterns
  • Automatically detects threats such as abnormal, high-risk traffic (DDoS attack?), abnormal user or API access (data breach?), mass file encryption (ransomware?), abnormal compute activity (cryptojacking?), and malware
  • Automatically isolates compromised resources by cutting the traffic to and from them
  • Automatically replaces compromised resources by spinning up new images
  • Automatically routes traffic to the new, clean resources
  • Automatically records what happened during the attack for forensics
  • Finally, automatically deletes the compromised assets
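As an added illustration of that detect-isolate-replace loop on the orchestration primitives described above (this is example code, not code from the original post or from Microsec.ai), the Python sketch below learns a per-pod traffic baseline from constructed access-log counts, flags the outlier, and produces the ordered quarantine steps for a Kubernetes workload: relabel the pod so the Service stops routing to it and the ReplicaSet immediately starts a clean replacement from the image, apply a deny-all NetworkPolicy to the quarantine label, capture evidence, and only then delete the pod. The pod names, the namespace, the security.example.com/quarantine label and the traffic numbers are assumptions; the kubectl commands are rendered as strings and never executed.

```python
import json
import shlex
import statistics

# Assumed label used to select quarantined pods (not from the original post).
QUARANTINE_LABEL = "security.example.com/quarantine"

# Constructed sample: outbound connections per minute, per pod, as a service
# mesh's access logs might be aggregated. BASELINE is the learned "normal"
# window; CURRENT is the latest minute.
BASELINE = {
    "payments-7d9f-abc12": [12, 15, 11, 14, 13, 12, 16, 14],
    "payments-7d9f-def34": [13, 12, 14, 15, 11, 13, 12, 14],
}
CURRENT = {"payments-7d9f-abc12": 13, "payments-7d9f-def34": 240}


def zscore(value, history):
    """How many standard deviations `value` sits above the mean of `history`."""
    mean = statistics.fmean(history)
    sd = statistics.pstdev(history) or 1.0  # flat history: avoid division by zero
    return (value - mean) / sd


def detect(current, baseline, threshold=6.0):
    """Pods whose latest rate is far above their own learned baseline."""
    return sorted(pod for pod, rate in current.items()
                  if pod in baseline and zscore(rate, baseline[pod]) > threshold)


def quarantine_plan(pod, namespace, app_label):
    """Ordered response for one suspect pod.

    1. Relabel: changing `app` drops the pod out of the Service's endpoints (no
       more traffic reaches it) and out of the ReplicaSet's selector, so the
       ReplicaSet immediately creates a clean replacement from the image while
       the suspect pod keeps running for investigation.
    2. NetworkPolicy selecting the quarantine label with both policyTypes and
       no rules: deny all ingress and egress (needs a policy-enforcing CNI).
    3. Capture evidence before destroying it.
    4. Delete the now-orphaned pod.
    """
    return [
        {"op": "label", "pod": pod, "namespace": namespace,
         "labels": {"app": f"{app_label}-quarantined", QUARANTINE_LABEL: "true"}},
        {"op": "apply", "namespace": namespace, "manifest": {
            "apiVersion": "networking.k8s.io/v1",
            "kind": "NetworkPolicy",
            "metadata": {"name": f"quarantine-{pod}", "namespace": namespace},
            "spec": {"podSelector": {"matchLabels": {QUARANTINE_LABEL: "true"}},
                     "policyTypes": ["Ingress", "Egress"]}}},
        {"op": "forensics", "pod": pod, "namespace": namespace},
        {"op": "delete", "pod": pod, "namespace": namespace},
    ]


def to_kubectl(plan):
    """Render a plan as kubectl commands. Strings only; nothing is executed."""
    cmds = []
    for step in plan:
        ns = f"-n {step['namespace']}"
        if step["op"] == "label":
            kv = " ".join(f"{k}={v}" for k, v in step["labels"].items())
            cmds.append(f"kubectl {ns} label pod {step['pod']} --overwrite {kv}")
        elif step["op"] == "apply":
            doc = shlex.quote(json.dumps(step["manifest"]))
            cmds.append(f"printf '%s' {doc} | kubectl {ns} apply -f -")
        elif step["op"] == "forensics":
            cmds.append(f"kubectl {ns} logs {step['pod']} --all-containers "
                        f"> evidence-{step['pod']}.log")
        elif step["op"] == "delete":
            cmds.append(f"kubectl {ns} delete pod {step['pod']}")
    return cmds


def respond(current, baseline, namespace, app_label):
    """Run detection and build a quarantine plan for every flagged pod."""
    return {pod: quarantine_plan(pod, namespace, app_label)
            for pod in detect(current, baseline)}


if __name__ == "__main__":
    for pod, plan in respond(CURRENT, BASELINE, "prod", "payments").items():
        print(f"# {pod}")
        print("\n".join(to_kubectl(plan)))
```

Two caveats a practitioner would want: a NetworkPolicy with policyTypes set and no rules only denies traffic on a CNI that enforces network policy, and a baseline this simple will also fire on legitimate traffic spikes, which is why the plan evicts the pod from the Service and preserves it for forensics before anything is deleted.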

Modern containerized cloud environments already have the functions to do this; what is missing is a protection platform connected to them that drives those functions. It wouldn't even require you to install new agents or sidecars. Unfortunately, today's cloud security posture management (CSPM) and cloud workload protection (CWP) products, even when bundled as a cloud native application protection platform, can't do this. If you have one of these products, you already know that they are either static reporting functions or collections of disparate tools that don't work together.

This is why we're trying something new. We've created Microsec.ai, a protection service that connects to your cloud environment and integrates with your service mesh and your data loss prevention (DLP) system to continuously monitor your environment, protect your data, and self-heal your cloud applications when they are attacked.