Welcome to the third in a four-part series on how Cloud Access Security Brokers (CASBs) can help protect your organization from the top twelve threats to cloud computing in 2016. If you want to read the first two blogs, their links are provided below.
This blog series examines whether a CASB can help protect your organization from the top cloud computing threats identified by a Cloud Security Alliance (CSA) working group. The four-part series includes:
- Part 1: CASB 101
- Part 2: CASBs and Threat Detection
- Part 3: CASBs and the Treacherous 1-6
- Part 4: CASBs and the Treacherous 7-12
CASBs and the Treacherous 1 through 6
The first 6 of the "Treacherous 12" threats that the CSA working group identified are:
- Data breach
- Weak identity, credential, and access management
- Insecure APIs
- System and application vulnerabilities
- Account hijacking
- Malicious insiders
Here is a definition and an anecdote for each of these threats, along with an assessment of whether a Cloud Access Security Broker (CASB) like Palerra can help protect against it.
Data breach
A data breach occurs when an unauthorized person releases, views, steals, or otherwise uses sensitive, protected, or confidential information.
A CASB can help detect data breaches by monitoring privileged users, encryption policies, and sensitive data movement.
Weak identity, credential, and access management
This refers to data breaches and attacks enabled by factors such as a lack of scalable identity and access management systems, failure to use multi-factor authentication, and permitting users to have weak passwords.
A CASB can help monitor and detect weak authentication policies, user and service account access patterns, and non-compliant use of cryptographic keys.
Insecure APIs
The security and availability of cloud services depend on the security of the APIs that cloud computing providers make available for third-party vendors.
A CASB can help monitor API usage in clouds and detect unusual activities originating from API calls. A CASB can also assist in supporting risk scoring of external APIs and applications based on the activity.
System and application vulnerabilities
These are exploitable bugs in programs that attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system, or disrupting service operations. Two well-known examples, Heartbleed and Shellshock, proved that open-source applications are vulnerable to threats. The systems most affected by Heartbleed and Shellshock were running Linux, which means that 67.7% of all websites were impacted.
A CASB can help with security-hardened baseline configurations, continuous monitoring, and alerts when the desired configurations or the application access patterns change.
Account hijacking
Methods of account hijacking include phishing, fraud, and exploitation of software vulnerabilities. Attackers can eavesdrop on activities and transactions, then manipulate data, return falsified information, and redirect to illegitimate sites. Targeted "CEO Fraud" phishing scams are estimated to have cost $2.3B over 3 years. In these scams, an employee gets an email from what appears to be the CEO asking them to wire money. The FBI estimates that organizations lose $25K to $75K per attack. Could a CASB have helped?
A CASB can enhance efforts to monitor users, privileged users, service accounts, and API keys. CASBs use machine learning techniques and behavioral analytics to further efforts in detecting account hijacking threats.
Malicious insiders
A malicious insider is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access.
A CASB can assist efforts to monitor for overly privileged user accounts, help with changes to user profiles, roles, and privileges, and notify you of drift from compliant baselines. A CASB can also help detect malicious user activity using user behavior analytics (UBA).
If you don't want to wait for the final post in the four-part series, check out our white paper, "Can a CASB Protect You from the 2016 Treacherous 12?"