Let’s say you work for a reputable company that takes data security seriously. Perhaps you even have security tools in place and a staffed security operations center (SOC) handling Tier 1 and Tier 2 incidents. Although you may think you are prepared for the security challenges that come with the cloud, are you really? Some of the largest companies, financial institutions and hospitals have made national news due to massive breaches, outages and data exposures related to cloud infrastructure. According to IBM and the Ponemon Institute, from 2020 to 2021 the average cost of a data breach increased from $3.86 million to $4.24 million, the highest average cost increase seen in the 17 years of the report. Now, keep reading.
What security teams have come to know is that the longer a breach remains undetected, the more sensitive data cybercriminals can retrieve. So it should come as no surprise that time was found to be the most significant contributor to the cost of security incidents. It is shocking that even today, with the investments made in security tools, the average time to identify a breach in 2021 was 212 days, with an additional 75 days to contain it. That is an average of 287 days in total. How do you shorten that window? That’s where cloud threat hunting comes into play.
Cloud threat hunting is a proactive approach for finding and remediating attacks in the cloud that existing controls have not detected. It relies on advanced security intelligence and enables security teams to detect and remediate potential threats in multi-cloud environments and workloads. The process involves searching for indicators of compromise (IoCs) and then investigating, classifying and remediating threats in public, private and hybrid clouds.
Let’s walk through a brief example. Let’s assume you have your basic security protections in place acting as a first line defense for your cloud estate. Still, your security teams face major challenges, such as:
So why does cloud threat hunting matter? Simply put, you are able to detect and remediate hidden threats before a breach can occur. With cloud threat hunting, you’re able to proactively identify adversary activity, understand their TTPs, anticipate the attack and take the necessary actions. Benefits of cloud threat hunting include:
Cloud threat hunting is necessary because technology alone is not enough to address the security challenges in the cloud. Today’s sophisticated threats require a combination of technology with human expertise to engage and perform threat hunting.
Suppose your business relies on “set it and forget it” security tools that promise to eliminate the need for humans, or on traditional solutions to detect and respond to cloud incidents. You must then wait for a tool to raise an alert before your security team can react. Such an approach cannot protect against advanced, data-focused, targeted attacks that are designed to evade detection. By contrast, adopting a cloud threat hunting approach combined with the right security tools arms security teams with the following benefits:
After gaining access to a network, an adversary may attempt to perform reconnaissance on cloud services running on a host or enabled in the environment: querying the instance metadata service, running cloud CLI commands to learn which identity they hold and which resources they can reach, or reading credential files left on the host. This can take several different forms because of the range of services across cloud providers. The CrowdStrike 2021 Threat Hunting Report shows a considerable increase in discovery actions focused specifically on cloud services, and this type of behavior can be a valuable hunting lead for networks integrated with cloud services.
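As an added illustration of hunting for that behavior (example code written for this page, not CrowdStrike code and not any product’s query language), the script below scans process-execution telemetry for cloud-discovery commands and flags a host that runs several distinct kinds of discovery inside a short window. The telemetry records, host names and users are constructed for the example, and the mapping of each pattern to an ATT&CK technique ID is this example’s own approximation.

```python
"""Hunt for cloud service discovery from a compromised host.

Added example, not code from the original page or from CrowdStrike.
Scans constructed process-execution records for commands that enumerate
cloud identities, resources or credentials, then flags any host that shows
at least `min_techniques` distinct discovery techniques inside `window`.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Command-line patterns that indicate cloud service discovery, each mapped to
# the ATT&CK technique it most closely resembles (approximate mapping chosen
# for this example, not an authoritative one).
DISCOVERY_PATTERNS = [
    (re.compile(r"169\.254\.169\.254|metadata\.google\.internal|/latest/meta-data"),
     "T1552.005 Cloud Instance Metadata API"),
    (re.compile(r"\baws\s+sts\s+get-caller-identity\b|\baz\s+account\s+show\b|\bgcloud\s+auth\s+list\b"),
     "T1087.004 Cloud Account Discovery"),
    (re.compile(r"\baws\s+iam\s+list-\S+|\baz\s+ad\s+user\s+list|\bgcloud\s+iam\s+service-accounts\s+list"),
     "T1087.004 Cloud Account Discovery"),
    (re.compile(r"\baws\s+(ec2|s3|rds|lambda)\s+(describe|list|ls)\S*|\baz\s+(vm|storage\s+account)\s+list|\bgcloud\s+compute\s+instances\s+list"),
     "T1580 Cloud Infrastructure Discovery"),
    (re.compile(r"\.aws/credentials|\.azure/(accessTokens|msal_token_cache)|\.config/gcloud/"),
     "T1552.001 Credentials In Files"),
]

# Constructed process-execution records for this example (not real telemetry).
SAMPLE_EVENTS = [
    # ci-runner-03: a build job listing an artifact bucket, routine on its own
    {"ts": "2021-09-14T08:00:12", "host": "ci-runner-03", "user": "jenkins",
     "cmd": "aws s3 ls s3://build-artifacts/"},
    # web-01: a burst of discovery from a web server's service account
    {"ts": "2021-09-14T09:41:03", "host": "web-01", "user": "www-data",
     "cmd": "curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/"},
    {"ts": "2021-09-14T09:41:40", "host": "web-01", "user": "www-data",
     "cmd": "aws sts get-caller-identity"},
    {"ts": "2021-09-14T09:43:15", "host": "web-01", "user": "www-data",
     "cmd": "aws iam list-users"},
    {"ts": "2021-09-14T09:44:02", "host": "web-01", "user": "www-data",
     "cmd": "aws s3 ls"},
    {"ts": "2021-09-14T09:45:30", "host": "web-01", "user": "www-data",
     "cmd": "cat /var/www/.aws/credentials"},
    # db-02: ordinary admin activity, hours apart, so no burst
    {"ts": "2021-09-14T10:15:00", "host": "db-02", "user": "ops",
     "cmd": "aws ec2 describe-instances --region us-east-1"},
    {"ts": "2021-09-14T16:02:00", "host": "db-02", "user": "ops",
     "cmd": "aws sts get-caller-identity"},
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def classify(cmd):
    """Return the distinct technique labels a command line matches (sorted)."""
    return sorted({label for pattern, label in DISCOVERY_PATTERNS if pattern.search(cmd)})


def find_leads(events, window=timedelta(minutes=10), min_techniques=2):
    """Group discovery hits per host and flag hosts whose hits span at least
    `min_techniques` distinct techniques inside any `window`-long span."""
    hits = defaultdict(list)
    for ev in events:
        labels = classify(ev["cmd"])
        if labels:
            hits[ev["host"]].append((parse_ts(ev["ts"]), ev["user"], ev["cmd"], labels))

    leads = {}
    for host, rows in hits.items():
        rows.sort(key=lambda r: r[0])
        for i, (start, _, _, _) in enumerate(rows):
            in_window = [r for r in rows[i:] if r[0] - start <= window]
            techniques = {t for r in in_window for t in r[3]}
            if len(techniques) >= min_techniques:
                leads[host] = {
                    "first_seen": start,
                    "users": sorted({r[1] for r in in_window}),
                    "techniques": sorted(techniques),
                    "commands": [r[2] for r in in_window],
                }
                break  # one lead per host is enough to hand to an analyst
    return leads


if __name__ == "__main__":
    for host, lead in find_leads(SAMPLE_EVENTS).items():
        print(f"[lead] {host} first_seen={lead['first_seen']} users={lead['users']}")
        for technique in lead["techniques"]:
            print("   ", technique)
        for cmd in lead["commands"]:
            print("     $", cmd)
```

With the default ten-minute window only web-01 is flagged: a single `aws s3 ls` from a build runner, or admin commands hours apart on db-02, do not qualify, while the web server’s sequence of metadata query, identity check, IAM enumeration and credential-file read does. Widening the window surfaces db-02 as well, which is the trade-off a hunter tunes against the noise level of their own environment.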
Are you familiar with the Shared Responsibility Model? It states that your cloud provider is responsible for the security of the cloud (the physical facilities, hardware and the managed services themselves), whereas you are responsible for security in the cloud: your data, identities, access policies, configurations and workloads.
As both a cloud customer and a security company, CrowdStrike has a deep understanding of the complexities and risks of protecting corporate data and the cloud infrastructure that holds it. Embracing the cloud is critical to digital transformation initiatives, but for them to be successful, security must transform alongside the business. Quite simply, it is time for enterprises to rethink security to keep pace with an evolving landscape of risks.
CrowdStrike cloud security goes beyond ad hoc approaches by unifying cloud security posture management (CSPM), breach protection for cloud workloads and containers, and our human threat detection engine, which operates as an extension of your team, hunting relentlessly to identify and stop the most sophisticated hidden threats, in a single platform for any cloud.
To learn more about CrowdStrike cloud security and threat hunting solutions, visit https://www.crowdstrike.com/cloud-security/ and let’s discuss how we can take your cloud security to the next level. We are cloud security, we are CrowdStrike.
Guilherme (Gui) Alvarenga, Sr. Product Marketing Manager, Cloud Security at CrowdStrike