Long before this awful pandemic hit us, cloud migration had attained strong momentum in the corporate sector. As Covid19 rages on, thousands of large to mid-sized enterprises are now slamming pedal to the metal on projects to switch over to cloud-based IT infrastructure.
A typical example is a Seattle-based computer appliance supplier that had less than 10 percent of its 5,000 employees set up to work remotely prior to the pandemic. Seattle reported the first Covid19 fatality in the U.S., and Washington was among the first states to issue shelter at home orders. Overnight, this supplier was forced to make the switch to 90 percent of its employees working from home.
As jarring as this abrupt shift to remote work has been for countless companies, government agencies and educational institutions, it has conversely been a huge boon for cyber criminals. The Internet from its inception has presented a wide open attack vector to threat actors. Covid19 has upgraded the Internet — from the criminals’ point of view — to a picture-perfect environment for phishing, scamming and deep network intrusions. Thus the urgency for organizations to put all excuses aside and embrace stricter cyber hygiene practices could not be any higher.
It’s a very good thing that the cybersecurity industry has been innovating apace, as well. Cybersecurity technology is far more advanced today than it was five years ago, or even two years ago. Today robust security frameworks are gaining traction for staying on top of patching software vulnerabilities, managing account access and responding swiftly to any suspicious activity detected on endpoint computing devices.
I had the chance to meet — remotely, of course — with Kevin Simzer, Trend Micro’s Chief Operating Officer, to discuss this. Trend Micro has been very active in this space, to say the least. Tech research firm IDC recently named Trend Micro the top supplier of “hybrid cloud workload security” systems, with a global market share of 29.5 percent, three times more than the number two vendor of such systems.
Companies will always have some on-premises IT systems, of course. Covid19 has accelerated and deepened corporate reliance on outsourced IT infrastructure much more suddenly than anyone expected. I had a wide-ranging discussion with Simzer about the moving-forward implications. For a full drill down on our conversation, please give the accompanying podcast a listen. Here are the key takeaways:
Securing the hybrid cloud
Protecting company networks is a complex, highly dynamic challenge, made even more so as companies now accelerate cloud migration. Post Covid19, many organizations have doubled or even tripled their reliance on outsourced processing and data storage – mostly supplied by Amazon Web Service, Microsoft Azure and Google Cloud Platform (GCP.) Threat actors haven’t missed a beat. All year now they’ve been stepping up cyber attacks that leverage and/or exploit the notoriety of the global pandemic in one way or another.
Clearly there is no shortage of innovative security technology in the hands of the good guys; Gartner recently estimated global spending on cybersecurity products and services to top $123 billion this year. That said, there continues to be a stark shortage of skilled security analysts to interpret and react to richer threat intelligence collected by these advanced systems.
Large enterprises typically have full-blown Security Operations Centers (SOCs) staffed round-the-clock by experienced analysts, Simzer noted. However, mid-sized organizations, those with 1,000 or fewer, employees, generally cannot afford SOCs, and are increasingly turning to managed security service providers (MSSPs) to provide SOC-like oversight as an outsourced service.
A role for MSSPs
MSSPs, of course, welcome the steadily rising demand for their products and services. Companies are expected to spend an estimated $31.6 billion on MSSP services this year, rising to $46.4 billion, a healthy compound annual growth rate of 8 percent, according to research firm marketsandmarkets.
MSSPs started out some 15 years ago providing email security and firewall upkeep, but today they often provide vulnerability patching and even endpoint detection and response (EDR) services, as well.
“What companies really need is access to security practitioners who can analyze all of the telemetry showing what’s actually going on inside of their networks,” Simzer told me. “Not just monitoring a green light to make sure a server is on; I’m talking about vacuuming up all of the security telemetry, looking at all of the alerts and responding to those alerts.”
In fact, Trend Micro, who was the first to launch an XDR solution, optimizing threat detection and response across all critical vectors, found itself in a position last February to spin-out a set of contracted services it had been incubating. The spin off, called Cysiv, now operates as a standalone MSSP out of Irving, Texas.
Detecting and mitigating suspicious traffic bouncing around an on-premises network is one thing, whether the analysts are working in a SOC or from an MSSP. It’s quite another when you toss in mobile devices, web applications, cloud storage and DevOps. Suddenly, the security challenge becomes much more complex.
Trend Micro has pulled together a security platform, called Cloud One, to help organizations more skillfully tackle their half of “shared responsibility” for cloud security; shared responsibility is a security model imposed by the Big Three cloud services, AWS, Azure and GCP.
“We built Cloud One as a single platform with a set of six security services to help the security team and the development operations team make sure that any applications that are being built in the cloud are done in a secure way,” Simzer says.
‘Shift left’ security
One service, called Conformity, focuses at the very earliest stages, or far left, of the pipeline for developing new applications. Conformity automatically runs hundreds of checks on new coding to assess how the coding stands up to industry compliance standards and cloud security best practice rules. This is referred to as taking a “shift left” approach to security.
“We’re dealing in an environment that’s very dynamic and moving really quickly, with a lot of different developers having access to the infrastructure itself,” Simzer says. “What we’ve discovered is that a lot of security issues come down to simple misconfigurations.”
For instance, ransomware has bedeviled companies for the past three years, with a recent surge of attacks pivoting off ruses that leverage Covid19 concerns. One misconfiguration that keeps recurring is for companies to leave open a Windows component, called Remote Desktop Protocol (RDP.) Ransomware purveyors seek out open RDP ports, which have become the prime path for them to spread their cyber extortion campaigns.
One of Conformity’s services revolves around issuing a report. “It tells you if you have ports that are open, accounts that are dormant or file storage that’s not protected,” he says. “We go through hundreds of different checks like these, right down to whether you may have written certain coding in a way that makes it susceptible to malicious injections.”
Trend Micro, of course, is not the only security vendor pursuing a more complete way to help companies mitigate rising cyber exposures in their hybrid cloud networks. That said, its Cloud One platform has demonstrated the efficacy of doing security checks throughout the entire software creation cycle, from development to deployment.
Scrutinizing source code for security weaknesses before placing an application into live service makes a lot of sense; instances of weak configurations and sloppy coding are sure to be discovered down the line by motivated attackers. Threat actors today have access to sophisticated scanning and search tools, for free, as well as turnkey hacking kits that require minimal tech savvy.
This is why script kiddie hackers, like Graham Ivan Clark, continue to wreak havoc. Clark, 17, of Tampa, Fla. is the video-game playing youth arrested by the FBI in late July and charged with highjacking the Twitter accounts of A-list celebrities to pull off an elaborate Bitcoin scam. Twitter failed to practice cyber hygiene assiduously enough to stop the young Mr. Clark.
“We’re trying to get right back to the source – to people in the development community who are writing the code, so we know, early on, what’s going on,” Simzer says.
Flattening cyber risks
Granted, holistic security practices are in a nascent stage and, yes, there’s a long, long way to go. Today, agile software is routinely pushed out into the field riddled with weak settings and coding flaws – and threat actors continue to have a field day finding and exploiting them.
This is where Trend Micro’s core EDR product line slips back into the spotlight. EDR technologies trace back to the antivirus (AV) software suites invented in the late 1980s to cut off the earliest iterations of computer viruses. Most of the AV vendors that got started back then – Trend Micro, Symantec, McAfee, Kaspersky, ESET and a dozen more — are still around and many of them have progressed to supplying EDR systems. These technologies provide continuous monitoring of endpoint computing devices, along with analytics to evaluate and respond to cyberthreats in real time.
Trend Micro refers to its product line as XDR, to reinforce its capacity to accumulate security data from every nook and cranny of both legacy on-premises systems and hybrid cloud networks.
“We’re grabbing telemetry from the endpoints, the email environment, the network and the (cloud) servers and collecting it all in one spot,” he told me. “We can then use sophisticated machine learning algorithms to do a much better job identifying where the problems are.”
Post Covid19, this type of go-deep security analytics is more crucial than ever. It’s very likely that some portion of the spike in Internet traffic we’re seeing from Covid19 home sheltering is likely to stick with us for the long haul. Our digital lives are only going to get richer, going forward, which means the cyber risks we face will climb too. Something needs to be done to flatten the cyber risk curve. It’s encouraging to observe how vendors like Trend Micro keep raising the bar. I’ll keep watch.
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/new-tech-trend-micro-flattens-cyber-risks-from-software-development-to-deployment/