Sophos published a report this week that suggests cloud servers are, on average, attacked within 40 minutes of being deployed.
The Sophos report is based on a 30-day test spanning 10 honeypots Sophos set up in 10 Amazon Web Services (AWS) data centers. On average, each honeypot was hit by 13 attempted attacks per minute, which adds up to more than 5 million attacks recorded over the 30-day period. The honeypot in Sao Paulo, Brazil was attacked within 52 seconds of going live.
To enable cybersecurity teams to combat these attacks, Sophos this week launched Sophos Cloud Optix, which is based on technology the company gained via its acquisition of Avid Secure earlier this year. Richard Beckett, senior product marketing manager for Sophos, said Sophos Cloud Optix makes extensive use of machine learning algorithms to discover cloud assets and then report on issues such as ports that have been left open on a cloud server.
In addition, Sophos Cloud Optix surfaces recommendations that cybersecurity teams should act on to better secure their environment. In some cases, cybersecurity teams can set policies that enable Sophos Cloud Optix to automatically resolve those issues, while in others a cybersecurity manager would have to approve a specific change, said Beckett. The goal, he added, is to make it easier for cybersecurity teams to put a set of guardrails in place to ensure cloud security.
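A minimal version of the open-port check described above, added here as an example and not code from Sophos Cloud Optix: it walks a list of AWS security groups and flags ingress rules that expose commonly abused administrative or database ports to the whole internet (0.0.0.0/0 or ::/0). The input is a constructed sample shaped like the `SecurityGroups` list returned by boto3's `describe_security_groups()`; the group IDs and the list of risky ports are assumptions for the example.

```python
"""Flag security-group ingress rules that expose risky ports to the internet.

Added example (not Sophos Cloud Optix code). Runs offline on SAMPLE_GROUPS,
a constructed list shaped like boto3's
ec2.describe_security_groups()["SecurityGroups"]; substitute that call's
result to run it against a real account.
"""
import ipaddress

# Assumed policy list for this example: ports that should almost never be
# reachable from the whole internet. Adjust to your own baseline.
RISKY_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres",
               6379: "redis", 27017: "mongodb", 9200: "elasticsearch"}


def is_world_open(cidr: str) -> bool:
    """True for a prefix that admits every address of its family (/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def ports_in_rule(rule: dict) -> range:
    """Return the TCP/UDP port range an IpPermissions entry covers.

    IpProtocol "-1" means all traffic, so every port. Protocols other than
    tcp/udp (e.g. icmp, where FromPort/ToPort are ICMP types) yield no ports.
    """
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return range(0, 65536)
    if proto not in ("tcp", "udp"):
        return range(0)
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if lo is None or hi is None:
        return range(0, 65536)
    return range(lo, hi + 1)


def find_exposed_ports(groups: list) -> list:
    """One finding per (group, risky port, world-open CIDR) combination."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if is_world_open(c)]
            if not open_cidrs:
                continue
            covered = ports_in_rule(rule)  # range membership is O(1)
            for port in sorted(p for p in RISKY_PORTS if p in covered):
                for cidr in open_cidrs:
                    findings.append({
                        "group": sg["GroupId"],
                        "port": port,
                        "service": RISKY_PORTS[port],
                        "protocol": rule.get("IpProtocol"),
                        "cidr": cidr,
                    })
    return findings


# Constructed sample data (group IDs are made up for this example).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0legacy", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
]

if __name__ == "__main__":
    for f in find_exposed_ports(SAMPLE_GROUPS):
        print(f"{f['group']}: {f['service']}/{f['port']} "
              f"({f['protocol']}) open to {f['cidr']}")
```

Only rules whose source is a /0 prefix are reported, so the web group's public 443 and its RDP rule scoped to a single /24 produce no findings, while the "all traffic from ::/0" rule on the legacy group is reported once per risky port. A finding list like this is the raw material for the kind of guardrail described above: an auto-remediation policy would revoke the offending rule, while a change requiring approval would be queued for a manager.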
Beckett also noted that the machine learning algorithms are trained to identify the root cause of alerts that can potentially number in the thousands within a cloud computing environment. By making it easier to identify the root cause of an issue, the number of alerts any organization needs to sort through is substantially reduced, said Beckett. That, in turn, reduces the level of alert fatigue inside organizations. As is often the case, it’s not that no alert was issued about a potential vulnerability. Rather, cybersecurity teams are inundated with alerts, which often makes it exceedingly difficult to determine the potential severity of any one vulnerability.
Once those vulnerabilities are identified, it then becomes much easier for cybersecurity professionals to proactively advise developers of issues that need to be addressed within the context of a set of best DevSecOps processes, added Beckett.
Cloud security has become such a dominant concern not because the infrastructure made available is inherently insecure. The underlying platform is patched and maintained continuously by the provider, which in that respect makes it more secure than a typical on-premises IT environment. The issue cybersecurity teams have is that they lack visibility into the workloads running on those platforms, which remain their own responsibility to secure. In the absence of that visibility, it’s hard to say with any confidence whether a specific set of controls has been implemented.
Sophos, with the launch of Sophos Cloud Optix, is clearly trying to bridge that cybersecurity gap by relying on machine learning algorithms to keep track of how cloud servers are being employed. Once armed with that intelligence, it then becomes possible for cybersecurity teams to have relevant conversations with the developers who use those cloud servers.