Your enterprise network is under attack. What cloud security solutions will save you?

Strong authentication Data encryption Strong Access control All are benifits for security to cloud data. Cloud computing is very important to all of us.

Rather than Cloud Firewall I would say the solution that will protect Enterprise network and applications from ongoing attack will be combination of Anti-DDoS(Anti-DDoS) cloud based solutions and Web Application Firewall (WAF). Anti DDoS solution will protect from volumetric attacks at network level. WAF will protect the cloud from Application level attack vectors. This combination will also include the component of Content Delivery Network (CDN), that will eventually streamline traffic and indirectly thwart DDoS attacks. Only cloud based Firewalls may not work in this scenario because volume of traffic might overwhelm firewalls although firewall and IDS/IPS are mandatory controls.

To defend the enterprise, you will have to have defense-in-depth approach. In each layer / level we need to have technical controls in place followed by policies. In application layer we can use WAF, in network layer, we can use Firewall, proxy & IDS/IPS. Similarly at host level we can use EDR and DLP. Continuous monitoring using SIEM would be crucial to identify the attack and respond to it accordingly. Recent study shows that starting point of the attack is a phishing email/campaign, so it's important to have email security in place. Provide cybersecuirty awareness training to all the users in any organisation is very crucial and important.

To protect an enterprise network from cyber threats, leverage cloud security solutions like firewalls, web application firewalls (WAF), identity and access management (IAM), and intrusion detection and prevention systems (IDPS). Employ network segmentation, encryption, and data loss prevention (DLP) for enhanced security. Utilize cloud-based SIEM and incident response plans to detect and respond to security incidents. Continuous monitoring, secure web gateways (SWG), and adherence to best practices ensure a robust defense against evolving cyber threats.

Security attacks are ongoing in the internet for everyone. In case your company has a higher profile like fintec or many others, I would recommend to use the Cloudflare WAF DDOs and CDN solution which can provide a very secure and streamline solution. It still requires security knowledge to configure the correct protections and logics but i haven't found any other vendor with such versatility and performance. I'm familiar with Incapsula and radware but it's a different league. Good luck with any choice you take.

Cloud encryption is a security measure that helps protect data from unauthorized access during storage, transmission, and processing. It involves transforming data from its original plain text format to an unreadable format, such as ciphertext, before it is transferred to and stored in the cloud. This process renders the information indecipherable and therefore useless without the encryption keys. Encryption is regarded as one of the most effective components within an organization’s cybersecurity strategy. By encrypting data during processing, cloud encryption provides an additional layer of security to protect data from unauthorized access. This is particularly important when data is being processed by third-party applications.

Sure, if/when bad actors steal encrypted data without the key, they cannot read it. But it is difficult to do cloud encryption properly. Key management for example is really hard, despite marketing literature from vendors. Other considerations - does the cloud provider have access to the keys, or is a BYOK bring your own key type of approach? Is the solution focused on a single cloud provider or does it work across multiple cloud providers?

Cloud encryption secures your data at rest and in transit but also provides a layer of security for your data during processing. This is especially critical in industries where data sensitivity is paramount, such as healthcare or finance. Example:: In a healthcare setup, patient records are highly sensitive. Using cloud encryption, these records are encrypted before being uploaded to the cloud, ensuring that even if there is a data breach, the information remains unreadable and secure from unauthorized access.

Encrypting data at rest and the choice between symmetric, asymmetric, or homomorphic encryption hinges on the specific security and performance requirements of the project at hand. For instance, while working with sensitive health records, we implemented asymmetric encryption to enhance security despite its performance cost, aligning with stringent healthcare regulations. It's essential to assess the sensitivity of the data you're encrypting; not all data may require such robust protection. My advice: Prioritize encryption strategies based on the data's sensitivity and the regulatory landscape.

This is not correct. - Encryption of your data in the cloud protects your data from theft, but not against loss or corruption. - To protect against loss, the solutions are either backup (covered elsewhere in this article) or Soft Delete (if the cloud service offers it) or using immutable storage (if the cloud provider offers it). - To protect against corruption, backup or immutable storage are your choices. - Furthermore, within theft, each choice of key management (client-side encryption / HYOK, customer-managed key / BYOK, provider-managed key) covers a different set of threat vectors, so make sure to study the trade-offs and choose carefully.

Cloud Identity and Access Management (IAM) is essential for controlling cloud resource access. It verifies user and device credentials, applies roles and permissions, safeguarding networks and ensuring compliance. Diverse authentication methods like passwords or biometrics enhance security. IAM surpasses firewalls, offering advanced settings, monitoring, and role management. It centralizes authorization, providing granular access control and audit trails. IAM is pivotal in complex organizations, offering single access control and multi-access options. While native CSP IAM suits single-cloud setups, multi-cloud organizations benefit from third-party solutions. Tight IAM policies are crucial for robust cloud security.

"Identity is the new perimeter" and this is even more true in the cloud. Like the other technologies discussed in this article, there are 2 kinds of CloudIAM -- the ones that are focused on a single cloud service provider (CSP), usually offered by that specific CSP, or vendors that offer to manage identities across several CSPs. Native CSP offerings are great if the organization is only using that CSP -- they usually integrate better and more easily with the CSP's resources and workflows. However most organizations are hybrid and/or multi-cloud and in that case organizations need to select a 3rd party CloudIAM vendor. Also -- a CloudIAM is only as good and as robust as your IAM policy, so make sure you have those tight.

Según mi experiencia, IAM Cloud permite gestionar los permisos que tienen los usuarios a lo largo del ciclo de vida de la identidad asignada a los funcionarios de la empresa. Existen varias estrategías a seguir, para prevenir ataques y para actuar en caso de ataques. 1. Manejar el principio de minimo privilegio. 2. En procesos de cambio (Cambio de cargo, ascensos, etc), validar que se asignen y retiren los permisos que correspondan. Estos 2 puntos permite minimizar el ventor de ataque. Si estamos siendo atacados, es importante determinar si es una identidad propia de la empresa la que se "filtro", con lo cual el paso lógico es suspender la cuenta hasta confirmar que el ataque sea detenido.

Cloud IAM est un système qui contrôle qui peut accéder à vos ressources cloud et ce qu’ils peuvent en faire. Il vérifie l’identité et les informations d’identification des utilisateurs et des appareils et applique le niveau d’accès approprié en fonction des rôles, des autorisations et des stratégies. Cloud IAM peut protéger votre réseau contre les accès non autorisés ou malveillants, ainsi que se conformer aux normes réglementaires et de conformité. Vous pouvez utiliser diverses méthodes d’authentification, telles que des mots de passe, des jetons ou la biométrie, pour améliorer la sécurité de votre IAM dans le cloud.

Como en cualquier otro entorno, la gestión de identidades y acceso es un proceso crucial en un entorno como la nube. En entornos on-premise, la sensación de los accesos e identidades es más control y visibilidad (aunque no siempre es así), sin embargo, en la nube ese control, visibilidad y trazabilidad parece que se dispersa o desaparece. Contar con una herramienta de IAM (Identity and Access Management) facilita la gestión de los accesos, roles y permisos, en cuánto a quién o qué puede acceder a cierto recurso. Estas herramientas se deben utilizar siempre desde el enfoque del principio del mínimo privilegio (PoLP).

Every organization should have a disaster recovery plan that is tailored to their asset inventory management, their cloud model, and the attack surface recognized after performing a business impact analysis. Ransomware attacks are highly profitable for cyber-criminals, and if you have a multi-tenant environment you should have backups that fall back to a preferable stable state in case of such an attack.

Everyone should have some sort of immutable backup that is "offline" from the general network and cannot be encrypted by ransomware.

Cloud backup and recovery mitigate cyber attacks by storing data separately from primary systems, offering protection against ransomware, ensuring data integrity with immutability and versioning, enabling quick recovery, providing geographical redundancy, incorporating automated monitoring and alerts, facilitating regulatory compliance, and offering scalable and cost-effective storage solutions. These features collectively enhance data resilience, minimize downtime, and enable swift recovery in the face of security incidents.

Always back to basics at ultimate solutions when all others failed - IT'S a huge mistake to not consider Backup and DRP as strategic components of IT protections & recovery strategy !

So you have been hit by ransomware and tell yourself, it's cool we got this, as we have backups! I have seen numerous organizations that should have put more thought into protecting their backups. A sophisticated ransomware attack will go after your backups, as this is the primary recovery control we can leverage after the damage is done. By using preventative controls such as Read-Only Storage, write-only offsite backups, and IAM policies restricting key usage within accounts we control, we can ensure that they can't "destroy" our restoration capabilities in the event of such an attack.

Cloud security monitoring and analytics is a service for observing and managing the security of cloud-based applications, data, and infrastructure. It involves collecting, analyzing, and correlating log data from various cloud sources to detect and respond to threats, vulnerabilities, and compliance issues. Cloud security monitoring and analytics can help organizations improve their visibility, agility, and use-case coverage in the cloud environment

Cloud security monitoring and analytic as a cloud service has numerous ways to identify threat patterns and keep the SOC analyst informed about network attacks. It can provide insights on on current and historical log data for tracking and analyzing purpose and also generate useful reports.

This is a technology that has come to stay because signature and anomaly detection had been done off the cloud using IPS and sand boxes for pattern matching for years. This brings the process to light because it is easier to detect day 0 attacks in the cloud as AI could unify all the patterns to a common dashboard. Tools like Suricata, Zeek, Stenographer etc could further help interpret malicious traffic in the cloud to give a detailed security posture.

Identify by gaining visibility of your assets via proactive monitoring. Protect by implementing appropriate responses by triaging.

A best-in-class SIEM will be able to perform equally well with your on-prem and cloud assets. Use cases include security monitoring and analytics, for the purpose of cloud detection and response, compliance demonstration or just reporting and dashboarding.

No matter how many preventative strategies you use, and how many security products you deploy, there WILL be gaps, and adversaries WILL find them. Assume breach. Segment your assets in as many dimensions as is practical (different cloud providers, different admins for different assets, etc) so that a breach of one does not become a breach of all.

Cloud-based SIEM platforms collect, correlate, and analyse security event logs and data across the enterprise network. Cloud-based EDR solutions protect endpoints, such as laptops, desktops, and servers, against advanced threats, malware, and zero-day attacks. CASB solutions enable organisations to enforce security policies and control access to cloud applications and services. SOAR solutions help security teams prioritise alerts, investigate incidents, and respond to threats efficiently, reducing MTTR and enhancing overall security posture. ZTNA solutions enforce the least privileged access controls, implement micro-segmentation, and encrypt network traffic to minimise the attack surface and prevent lateral movement of threats.

Enterprise network is under attack then none of the could security will save. In order to protect the enterprise network from attack, we need to have all these cloud security solutions. All these solutions are equally important and appropriate as per there functions.

In that case, only a coherent mix of solutions would solve the situation. Getting visibility must be the priority, so a SIEM or an Orchestrator, would be useful, at the same time than any UEBA or DEM solution. Once we get visibility, we need yo interact with our security solutions and remediate the crisis. Here, global consoles, automation capabilities, AIOps & SecOps, could be great. Due to these advances approaches are not well solved in traditional architectures and hardware-based solutions, the new paradigms as SASE, give better and more agile alternatives in this kind of situations, unifying sometimes all these tools to n one single GUI, completely aligned with its architecture (cloud-based, native datalake, automated response, etc)

All of these solutions will help under the right circumstances. Given how vague "under attack" is - it would be hard to pick one. You woudl need to consider many other factors - what type of attack is it? Is it a DDoS, a phishing attack, a ransomware attack, an insider attack, a side channel attack, etc. You would want to know what stage of the attack is it? Are we still in reconnaissance, is the actor deploying his tools, have they already exfiltrated data? Hopefully you have done a security assessment, set up a risk register, and implemented security controls and preventive measures to mitigate those risks.