Simplifying Cloud Security

Probably one of the best sessions organized by ELITECISOs, in partnership with Orca Security, with an unprecedented attendance of over 350 participants.

This session elaborated on securing an enterprise cloud estate by building the program on the 4Cs (Coverage, Comprehensive, Context, Continuity) and 4 dimensions (Breadth, Height, Depth, Time), since cloud is a reality, adopted by virtually every enterprise in either pure, multi or hybrid cloud mode.

Thanks to Baljot Bhatia for setting the context with a quick overview of Orca.

The 1st big challenge in cloud today is visibility: visibility across the entire spectrum of the cloud presence is needed. The 2nd challenge is whether to be frictionless or agent based. The 3rd question is the multitude of tools in use: CSPM, vulnerability management, asset visibility, etc.

I learnt that Orca provides full visibility across all cloud environments in a completely frictionless experience; at the same time, no other tool is necessary to manage the cloud real estate, as it is a single platform which is agentless and provides full visibility and management.

Orca proudly claims that it gets its solution up and running in 6 minutes or less, in a maximum of 3 to 4 steps.

Building a cloud security program essentially spans 4 dimensions. Defense in depth is a traditional concept adopted for trading land for time.

Andy Ellis illustrated the scenario with a great analogy from a century ago. Post World War 1, France started building a 'perimeter' security wall on its border to keep attacks from Germany at bay. However, this met with resistance from Belgium and the perimeter could not be fully completed. The next problem was what was left outside the perimeter, which was Strasbourg. Incidentally, Strasbourg became the 1st city to fall in subsequent wars. The concept of defense in depth is to push defenses further out and train them for response capabilities.

In cyberspace, response time is in milliseconds, hence creating defense perimeters and pushing defense lines further out so that adversaries crossing them send out signals does not work really well. The current issue with security setups is that they are still based on, and biased towards, the concept of a perimeter. Building walls of defense and letting people through them on the basis of a passcode gave rise to the modern concept of passwords. Adding a moat to extend the perimeter is also not effective enough.

Traditional security works as a linear line of defense (extending the length and levels of the perimeter). The adversary will never attack in a linear fashion: they choose where to attack (breadth of attack), which defenses to attack (height), and once they have penetrated, they decide on lateral movement (depth of attack).

@Andy Ellis mentioned that 'building a security program without considering how an adversary will try to penetrate' is akin to a Cyber Maginot Line. He explained the 4 dimensions, namely:

Dimension 1: Breadth or Width – An adversary can choose any point of entry or intrusion in your enterprise. Hence defenders must have complete visibility and coverage of enterprise assets, especially those that are not well maintained. Defenders also must have a unified model for collecting, analysing and disseminating intelligence from all data sources across all cloud environments. Understand the entire ecosystem to determine where exactly the perimeter lies for the adversary to come in.

I learnt that Orca builds a unified data model contextualizing all data sources collected from deep inside the workloads with cloud configuration data, identities and more. It starts with SideScanning, which runs on snapshots of the workloads. These forensic images are scanned in real time and used to rebuild a model of the systems and what is actually installed on them. Next it looks at the cloud control plane to determine what access and permissions a particular system has. This access information is used in the network probe to determine the communication of this system with all intended systems: is it talking to those permitted, or are there connections outside the permissible accesses? The same is done for the CI/CD scans as well. The audit logs and event logs are looked at to correlate the activity, and the same is verified via Okta authentication to finally conclude whether the defined access and permissible communications are in line with what is expected.

I also learnt that the unified data model provides asset inventory and prioritized alerts, highlights IAM risks, aids cloud compliance, builds remediation and orchestration integrations, strengthens cloud detection and response procedures and helps in isolation and control.

Hence, understand your 'Breadth'.

Dimension 2: Height – Since the adversary can quickly jump through security systems, defenders must know how comprehensive their defenses are and how they stack.

Do we have security controls that actually work together, in tandem?

Identify and address all cloud risks, namely vulnerabilities, misconfigurations, data exposure, authentication and entitlements, malware, API and web application exposure, and lateral movement risks.

I learnt that Orca gives full coverage of OS, applications and libraries to help identify vulnerabilities. It helps prioritization across cloud infrastructure and workloads to highlight misconfigurations. It alerts on insecure data and PII to counter data exposure. It helps identify over-permissioned accounts and identity risks to counter authentication and entitlement issues. Orca has signature and heuristic based detection to address malware. It provides a full inventory of managed and unmanaged APIs to identify API and web application exposures. Orca alerts on insecure keys and improper segmentation to counter lateral movement risks.

Dimension 3: Depth – Since the adversary will literally move within your environment, defenders need the context of what is accessible from your front-end systems. Adversaries do not target 'crown jewels' directly, yet every enterprise invariably starts by identifying crown jewels and then fortifying them. The attackers actually end up reaching the crown jewels, but by exploiting anything that is on the outside, just to get into the environment.

Orca automatically surfaces attack paths, which helps to focus on the risks that matter. It helps to understand toxic combinations of security issues and to grasp the top risks through scoring and identification of crown jewel risks; MITRE ATT&CK mappings and a detailed attack story ensure that you and your teams understand the risk.
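As an added illustration of the 'Depth' idea (example code written for this recap, not Orca's implementation or data model): a constructed asset graph on which every path from an internet-exposed asset to a crown jewel is enumerated, and findings are then ranked by whether they sit on such a path. Asset names, edges and severity weights are all assumptions made up for the example.

```python
# Added example: a toy attack-path model, not Orca's implementation. Nodes carry
# the context a unified data model would merge (exposure, crown-jewel status,
# findings); edges mean "can reach or act on". All values are constructed.
ASSETS = {
    "web-lb":     {"internet_exposed": True,  "crown_jewel": False, "findings": []},
    "web-vm":     {"internet_exposed": False, "crown_jewel": False, "findings": ["CRITICAL_CVE"]},
    "app-vm":     {"internet_exposed": False, "crown_jewel": False, "findings": ["OVERPERMISSIVE_ROLE"]},
    "build-vm":   {"internet_exposed": False, "crown_jewel": False, "findings": ["CRITICAL_CVE"]},
    "pii-bucket": {"internet_exposed": False, "crown_jewel": True,  "findings": ["PII"]},
    "hr-db":      {"internet_exposed": False, "crown_jewel": True,  "findings": []},
}
EDGES = {
    "web-lb": ["web-vm"],
    "web-vm": ["app-vm"],
    "app-vm": ["pii-bucket"],
    "build-vm": ["hr-db"],  # reachable only from a host that is not exposed
}
# Hypothetical severity weights used to score a path.
SEVERITY = {"CRITICAL_CVE": 10, "OVERPERMISSIVE_ROLE": 6, "PII": 5}


def find_attack_paths(assets, edges):
    """Enumerate every simple path from an internet-exposed asset to a
    crown jewel; the score sums the severity of findings along the path."""
    paths = []
    for start, info in assets.items():
        if not info["internet_exposed"]:
            continue
        stack = [[start]]
        while stack:  # depth-first search over the reachability graph
            path = stack.pop()
            node = path[-1]
            if assets[node]["crown_jewel"]:
                score = sum(SEVERITY.get(f, 1)
                            for n in path for f in assets[n]["findings"])
                paths.append({"path": path, "score": score})
                continue
            for nxt in edges.get(node, []):
                if nxt not in path:
                    stack.append(path + [nxt])
    return sorted(paths, key=lambda p: p["score"], reverse=True)


def prioritized_findings(assets, paths):
    """Rank findings: on-path first, then by severity, so a critical CVE on an
    isolated host lands below an over-permissive role that leads to a crown jewel."""
    on_path = {n for p in paths for n in p["path"]}
    rows = [(a, f, a in on_path) for a, i in assets.items() for f in i["findings"]]
    return sorted(rows, key=lambda r: (not r[2], -SEVERITY.get(r[1], 1)))
```

Here `hr-db` is a crown jewel with no path from the internet, so the critical CVE on `build-vm` ranks last, while the over-permissive role on `app-vm` outranks it because it sits on a real path to `pii-bucket`.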

Dimension 4: Time – Since the adversary can wait until you aren't watching, defenders need to ensure the continuity of all defensive controls.

If your security systems are not maturing, they are probably getting worse, decaying over time.

Orca has integrated CI/CD controls to shift security left. It helps to identify vulnerabilities and misconfigurations across the pipeline and to enforce policies that prevent insecure deployments of container images and IaC, and it is natively integrated into cloud-native technologies and DevOps tools.

@Andy Ellis sums up the entire process as:

- Easy 1-2-3 one-time deployment

- Scan your entire cloud estate in minutes

- Act on critical issues immediately

- Shift security left, as a part of DevOps and development workflows

- Cover 100% of assets, now and in the future


So life with Orca, after a simple three-step onboarding process that takes under six minutes, is to start scanning the entire cloud estate. One tool to rule them all: Orca Security continuously covers 100% of your environment, now and in the future.


In a nutshell:

- View every cloud asset

- Prioritize what matters

- Start fixing issues

- Always-on Security

- One Tool to Rule them all

Thanks to EliteCISOs and Orca once again.

Narender Kumar Sharma

Delhi Police Communications Unit Ministry of Home Affairs

1 year

Udit ji, namaste. I am attending today's annual event at Bell Monde hotel, Rajokari.

Dhaval Mankad

Chief Information officer–Vadilal Industries Limited | Demonstrated expertise of 3 decades in IT | Digital Transformation | Cloud | ERP, Enterprise Apps | Data-Driven | IT Security | 3 times winner of CIO100 Award

2 years

Extremely well written takeaways, Udit Pahwa.
