Making sense of cybersecurity strategies was the theme to kick off the Alert Logic and AWS Cybersecurity Summit in June – three days of exchanging strategies, technical insights, and best practices to achieve cloud security and compliance, respond to threats faster, and improve productivity. A panel consisting of experts from AWS, industry analyst ESG, and Alert Logic opened with a lively roundtable discussion of the key trends, challenges, and solutions for securing workloads on AWS. It’s worth capturing a few top takeaways.
Key Takeaways from the Alert Logic and AWS Cybersecurity Summit
Alert Logic’s Vice President of Product Marketing, Bharath Vasudevan, got the conversation rolling with a question:
How are mid-market cloud customers coping with the migration to the cloud and maximizing value from their investment?
Doug Cahill, VP of Analyst Services with ESG, came armed with the latest cloud native infrastructure security study, identifying Migration, Modernization and Optimization as the typical stages of cloud adoption.
“There’s a couple common threads through these different stages. One is the increasingly prominent role of the developer. The developer now is often in the position of choosing the technology stack with respect to the composition of modern applications. The other common thread of course is the expansion of the attack surface. That is, while there is an increase in cloud resident-based workloads, we still have on-prem infrastructure, dramatically increasing the attack surface.” – Doug Cahill, VP of Analyst Services, ESG
Cahill pointed out that only 12 percent of surveyed organizations reported that they had not experienced an attack on their cloud footprint. He also observed that malware had moved laterally into cloud workloads. “And that’s important, because we need controls to be able to prevent east-west traffic, but we also need visibility,” Cahill said. “We need to be in detect and response postures so that when malware does move laterally, we have the system level of telemetry and activity so we can respond accordingly and can remediate.”
Ryan Orsi, Worldwide Security Practice Leader for AWS, agreed that the customer’s security challenges evolve at different stages of that cloud journey, emphasizing the middle stage when customers are just starting to unlock more value from the additional cloud native services and increase their efficiencies.
“Everybody has to innovate faster and faster these days. We’ve partnered with companies like Alert Logic to make sure that we’re sharing feedback from customers and our own developers as we release services into the modernization phase of the cloud journey.” – Ryan Orsi, Worldwide Security Practice Leader, AWS
“A lot of organizations are thinking ‘Well, if I have to build in security on this cloud journey and the journey has been accelerated, how do I keep up today? Who can do that for me?’” said Onkar Birk, Chief Operating Officer and Chief Technical Officer with Alert Logic. He saw more companies addressing security concerns earlier and more strategically in their cloud journey.
Common Use Cases
Visibility has emerged as a central issue when it comes to cloud security, according to ESG research. API security is the leading use case for full stack, full lifecycle cloud-native security, followed by data loss prevention controls for object stores, as well as container security. On the horizon, endpoint detection and response for cloud-resident server workloads is among the most anticipated areas for growth.
“What is interesting to me about this data point is it’s a proxy for the criticality of an organization’s cloud footprint. It really says ‘Hey you know what? The apps are running in the cloud now. I’m a mid-market organization, it’s running my business. It’s fundamentally running front, middle and back operations.’ It is front and center,” said Cahill. “I need visibility. I have to be in a proactive response posture. And so part of that is to have EDR applied to your resident workloads.”
Wrestling with Three Key Variables: People, Process and Tools
When it comes to managing the tradeoffs inherent in finding the right ratio of people, processes, and tools applied to cybersecurity, AWS looks to its partners to strike the right balance for a given implementation while AWS itself stays focused on the tools being used. “We’re developing new security services, new integrations across the platform with other services to enhance the visibility of events, enrich data sources that are going into partner solutions as well as our own native services. So we’re very highly focused on that tools line there. Always making them better,” said Orsi. “Better detecting, better at predicting, better at recommending a response.”
ESG’s Cahill added that very few organizations are prepared to manage cybersecurity themselves, and the chief reason is a critical shortage of skills in cybersecurity and cloud architectures.
“It’s a question we ask in an annual statement running for 13 years, which is ‘Where in your IT organization do you have the most problematic shortage of skills?’ and unfortunately cybersecurity has been number one in that list year after year. This prior year, number two, was public cloud architects. That’s the intersection point of having the skills in your team to be able to secure the use of the public cloud. It’s even more acute in mid-market organizations where you’re more likely to have generalists.”
Acronym Soup – EDR, MDR, XDR
Put a cybersecurity analyst, a cloud provider, and an MDR vendor in a room and they are bound to fall into a discussion riddled with acronyms, and this particular group was inevitably drawn into a debate on the merits of EDR, MDR and XDR. As an analyst, ESG’s Cahill sees this acronym soup every day.
“You need visibility into your cloud footprint. That’s front and center here with XDR. So you know the attack surface has expanded and because of that, I want to extend my detection and response posture and practices across the attack surface. That means my cloud resident VMs, my containers, all my cloud services, the APIs that were mentioned, as well as my network and email vector, which is often the entry point for attacks. And really the ability to stitch together the attack chain that is, unfortunately, increasingly including the cloud footprint. Similarly, while MDR made EDR accessible to a broader part of the market, MDR is now making extended threat detection and response (XDR) available to a broader set of the market.” – Doug Cahill, VP of Analyst Services, ESG
Onkar Birk explained how Alert Logic views what is under the management umbrella for detection and response. “We’re managing detection across that entire array of acronyms. Regardless of what the data source is – and a lot of data sources are our data sources. So regardless of those data sources, someone has to make sense of them and prioritize them.”
MDR: The Core Component of Most Security Programs
ESG research showed broad adoption of MDR, turning up just 5% of organizations who had no plans to leverage MDR. Cahill pointed out that MDR and EDR aren’t mutually exclusive. “I’ve talked to a lot of organizations that may have an EDR control or an XDR initiative for controls they’re driving, and they’re augmenting that with MDR,” Cahill said.
Ryan Orsi closed the discussion with this advice about implementing a security strategy: You don’t have to do it alone. “Most businesses can really leverage the assistance of a partner for different reasons. Sometimes if it’s a smaller startup business, often just completely outsourcing or relying on an MSSP, using MDR for their type of company for 24/7 operation of AWS security can be really powerful. If it’s a larger enterprise or mid-market company, augmenting certain workloads and sitting side by side with the different security teams internal to that account/customer can be really powerful as well.”
For a deeper dive into the complete roundtable discussion, visit: https://www.alertlogic.com/lp/aws-summit/