New year, new security – Part 2: Cloud computing use cases

This is the second of a two-part series discussing security challenges and opportunities for 2019 with a focus on the internet of things (IoT) and cloud computing. The previous article explained risks and challenges to securing IoT devices.

The cloud is really just someone else’s computer.


So, what is cloud computing?

If you were to look to Wikipedia, you would find cloud computing defined as:

…shared pools of configurable computer system resources and higher-level services that can be rapidly provisioned with minimal management effort, often over the Internet. Cloud computing relies on sharing of resources to achieve coherence and economies of scale, similar to a public utility.

Basically, the cloud is just someone else’s computer. So, while security orchestration, automation and response (SOAR) solutions might be marketed for traditional enterprise security—perimeter, endpoint, host, etc.—those things don’t just go away with the cloud. The differences are where and how they are monitored. This means current applications for SOAR can still be applied to next generation firewalls, endpoint detection and response (EDR) and other security tools—it’s just going to be the cloud-based version of them.

Security risks with Amazon S3/EC2 instances and SOAR’s solution

As an example, our new security researcher, Josh Rickard, and I were recently discussing Amazon Simple Storage Service (S3) and Elastic Compute Cloud (EC2) instances as part of analyst provisioning processes, where creating one produces what’s referred to as a domain name system (DNS) record, a signal that something happened in the environment. Here’s what that looks like:

Somebody creates a new instance—not a traditional security alarm. So, instead of the typical “I got an alert from this endpoint, or I heard from this network device,” it’s, “This just happened inside of my environment.”

Now it’s, “Okay, I saw a new DNS entry, which means there’s a new host or a new storage route and probably a half dozen things I should go check to make sure that when said user provisioned that DNS record, they didn’t just make it available to the world.”

A SOAR solution can help with the aforementioned half dozen items that need to be checked along with the 10 other things you want checked every time something is created as part of your continuous monitoring process.
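The checks described above, written out as an added example (this is not Swimlane’s code or any part of the Swimlane platform). It assumes a simplified, constructed event format loosely modelled on AWS CloudTrail field names (`eventName`, `requestParameters`, `userIdentity`); the real CloudTrail records are shaped differently, and no AWS API is called, so everything runs offline. The playbook takes each "something was created" event and asks the questions an analyst would otherwise ask by hand: is the new instance’s security group open to the whole internet, and is the new bucket readable by everyone through its ACL or its policy?

```python
"""Playbook-style checks for newly provisioned cloud resources.

Added example, not Swimlane's code. Events are constructed samples that
borrow CloudTrail field names but not its exact structure; no AWS API is
called, everything runs offline.
"""
import ipaddress

# Real S3 canned ACL group URIs; a grant to either makes a bucket public.
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed sample events: an instance launch with a security group,
# an S3 ACL change, and an S3 bucket policy change. Ids are placeholders.
SAMPLE_EVENTS = [
    {
        "eventName": "RunInstances",
        "userIdentity": {"userName": "analyst-1"},
        "requestParameters": {
            "instanceId": "i-0example",
            "securityGroups": [
                {"groupName": "analyst-sg", "ingress": [
                    {"protocol": "tcp", "port": 22, "cidr": "0.0.0.0/0"},
                    {"protocol": "tcp", "port": 443, "cidr": "10.0.0.0/8"},
                ]},
            ],
        },
    },
    {
        "eventName": "PutBucketAcl",
        "userIdentity": {"userName": "analyst-1"},
        "requestParameters": {
            "bucketName": "analyst-evidence",
            "grants": [
                {"grantee": "http://acs.amazonaws.com/groups/global/AllUsers",
                 "permission": "READ"},
            ],
        },
    },
    {
        "eventName": "PutBucketPolicy",
        "userIdentity": {"userName": "analyst-2"},
        "requestParameters": {
            "bucketName": "team-reports",
            "bucketPolicy": {"Statement": [
                {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"},
            ]},
        },
    },
]


def world_open_rules(ingress):
    """Return ingress rules whose source is the entire IPv4 or IPv6 internet."""
    return [r for r in ingress
            if ipaddress.ip_network(r["cidr"], strict=False).prefixlen == 0]


def public_grants(grants):
    """Return ACL grants made to the AllUsers / AuthenticatedUsers groups."""
    return [g for g in grants if g.get("grantee") in PUBLIC_ACL_GROUPS]


def public_statements(policy):
    """Return Allow statements with a wildcard principal and no Condition.

    Statements that carry a Condition are left for a human: the condition
    may or may not narrow the wildcard, so this check does not guess.
    """
    hits = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        if stmt.get("Effect") == "Allow" and wildcard and "Condition" not in stmt:
            hits.append(stmt)
    return hits


def check_event(event):
    """Run the checks that apply to one provisioning event; return findings."""
    name = event["eventName"]
    params = event.get("requestParameters", {})
    actor = event.get("userIdentity", {}).get("userName", "unknown")
    findings = []
    if name in ("RunInstances", "AuthorizeSecurityGroupIngress"):
        for group in params.get("securityGroups", []):
            for rule in world_open_rules(group.get("ingress", [])):
                findings.append({"check": "world-open-ingress",
                                 "resource": group["groupName"],
                                 "detail": f"{rule['protocol']}/{rule['port']} from {rule['cidr']}"})
    elif name == "PutBucketAcl":
        for grant in public_grants(params.get("grants", [])):
            group = grant["grantee"].rsplit("/", 1)[-1]
            findings.append({"check": "public-acl",
                             "resource": params["bucketName"],
                             "detail": f"{grant['permission']} granted to {group}"})
    elif name == "PutBucketPolicy":
        for stmt in public_statements(params.get("bucketPolicy", {})):
            findings.append({"check": "public-policy",
                             "resource": params["bucketName"],
                             "detail": f"Allow {stmt.get('Action')} to Principal *"})
    for finding in findings:
        finding.update({"event": name, "actor": actor})
    return findings


def run_playbook(events):
    """Apply check_event to every event and collect the findings in order."""
    findings = []
    for event in events:
        findings.extend(check_event(event))
    return findings


if __name__ == "__main__":
    for f in run_playbook(SAMPLE_EVENTS):
        print(f"[{f['check']}] {f['resource']} ({f['event']} by {f['actor']}): {f['detail']}")
```

Each finding carries the actor and event name so the SOAR case it opens can be routed back to whoever provisioned the resource; the remaining items on the "half dozen things to check" list (tags, encryption, logging, and so on) would be further functions of the same shape dispatched from `check_event`.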


SOAR: A critical need for IoT and cloud computing

While that’s a highly technical example, there are tangible, life and death table stakes for cybersecurity and SOAR solutions when it comes to both IoT and cloud-based networks.

A while back, I had an interesting conversation with a Gartner analyst on what people are and are not willing to automate plus the things they have to automate because they “don’t have a damn choice.” Here’s the example we discussed:

An airline pilot is preparing to land a commercial jet with 200 passengers, and the runway lights go out. Neither he and his crew nor air traffic control has time to triage that alarm to understand what’s going on. There has to be a system in place that automatically restores those lights so that he can land the plane safely.

And examples like this are significantly less theoretical than being attacked by your toaster.

I may not have a security crystal ball, but I can certainly predict security challenges and opportunities as IoT devices and cloud-based networks continue integrating with our everyday lives and activities. The one thing I’m sure of is that the Swimlane team will continue to innovate and create a SOAR platform that will enable security operations professionals to respond to the challenges ahead.

*** This is a Security Bloggers Network syndicated blog from Swimlane authored by Cody Cornell. Read the original post at:

Cody Cornell

Cody is responsible for the strategic direction of Swimlane and the development of our security orchestration, automation, and response (SOAR) platform. At Swimlane we advocate for the open exchange of security information and deep technology integration that maximizes the value customers receive from their investments in security operations technology and people. Collaborating with industry-leading technology vendors, we work to identify opportunities to streamline and automate security activities, saving customers operational costs and reducing risk.
