Context Is Crucial When It Comes to Cloud Security

Thanks to innovative exploits and automated attack tools, there is no shortage of security threats to worry about. You might address virtually every attack and threat vector given unlimited time, money, and manpower, but nobody has that. The reality is that you need to be able to assess risk and prioritize your efforts to get the best security possible with the limited resources at your disposal. The key to doing that effectively is context.

Where Should You Begin with AWS Security?

What would you say if someone asked you the question: “If you only had time for one thing today to reduce your exposure or avoid an exploit in AWS, what should you do?”

There is no simple answer. Why? Because, the answer to this question depends on a variety of factors. What problems do you have? What security vulnerabilities exist in your environment? What security controls are already in place to mitigate the risk? What is the potential impact of a vulnerable asset getting compromised? In other words, to answer the question effectively, you first need context.

The 80/20 Rule Also Applies to Cloud Security

One of the more valuable rules to keep in mind for virtually anything is the 80/20 rule. It has almost universal application, and cloud security is no exception. Basically, the 80/20 rule states that you get 80 percent of your results from 20 percent of your effort—or something to that effect.

In other words, if you had a list of 10 cloud security best practices to implement, you could theoretically accomplish 80 percent of your security goals by just tackling the two that have the greatest impact.

Focusing on the “low-hanging fruit” allows you to quickly address a majority of your security concerns more efficiently. It can be the difference between going out and grabbing a beer with a co-worker at lunch or skipping lunch to deal with security incidents.

Security Risk Assessment

Not all vulnerabilities or security issues are created equally. It’s important to have the right information to effectively prioritize which assets or data are actually at greater risk of compromise, and which could result in a more serious data breach or security incident.

For example, you might find a variety of assets running a vulnerable version of Apache Struts. At face value, all of those findings are serious and should be addressed, but when it comes to prioritizing your efforts there are some important questions to ask. A vulnerable server that is internet facing and runs a database containing sensitive customer information is a higher priority than a vulnerable server in a test environment that has no sensitive data. That context is crucial.

Cloud Insight Essentials Provides Context

Amazon GuardDuty is an excellent tool for monitoring cloud workloads on AWS for security issues, but the GuardDuty findings in and of themselves provide a very general view of security in your environment. GuardDuty findings may indicate reconnaissance or post-compromise activity, but prioritizing remediation effectively and efficiently requires context.

It’s possible to derive that context on your own using manual effort. You would need to do things to automate the effort as much as possible, like construct scripts or Lambda functions that could monitor and alert you when changes occur to security groups. Even then, it takes a significant effort to sift through logs and data the hard way, and you’d only be focused on AWS.

Cloud Insight Essentials (CIE) does all of the dirty work for you. CIE provides the context you need to effectively prioritize efforts related to GuardDuty findings. It also identifies common configuration errors like SSH, RDP, or database ports that are open to the public, or overly permissive identity and access management policies.

Plus, CIE gives you a holistic view of your environment—alerting you to vulnerabilities and configuration issues in general. It’s not limited to just GuardDuty findings or AWS. The contextual awareness and exploitability information that CIE adds for vulnerabilities arms you with the details you need to prioritize your efforts to ensure maximum security with limited resources.

About the Author

Tony Bradley - Senior Manager of Content Marketing for Alert Logic

Tony Bradley

Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.

Connect | Email Me | More Posts by Tony Bradley