How Security Intelligence Enhances Cloud Security
January 16, 2020 • The Recorded Future Team
As cybercriminals continue to target the resource-rich cloud environment, security teams responsible for their organizations’ cloud infrastructures need to evolve their approach toward bolstering their security postures. Security intelligence helps cloud security teams strengthen the security policies and controls that govern and protect their cloud environments — including those that connect to their customers and partners.
By proactively planning and incorporating the principles of security intelligence, organizations can minimize the impact of cyber threats and improve resiliency while also maintaining competitive advantages through the use of cloud platforms and cloud-enabled services.
The Security Intelligence Philosophy for the Cloud
For teams that manage cloud security, a new philosophy is emerging that could have a major impact on the security posture of cloud environments across the globe.
This philosophy comes just in time as cloud environments continue to come under constant attack by cybercriminals. The Booz Allen Hamilton 2020 Cyber Threat Trends Outlook tells the story of how 540,000 customer records were exposed by a vehicle-tracking service provider on a misconfigured cloud storage server — including customer account credentials, vehicle information, and tracking data generated by GPS devices on customer vehicles. This is one of many examples where misconfigurations, lack of controls, and ultimately, a lack of security intelligence come to bear and end up making the news cycle.
This environment doesn’t always have clear lines of responsibility, making it difficult to manage an acceptable — maybe even desirable — security posture in the cloud. Perhaps the responsibility of securing the cloud is all yours, or perhaps you share the responsibility with your cloud provider. Either way, moving toward a security intelligence program can drive your policies and controls — whether you are building them from scratch or need a tune-up — as the business and supporting operating environment expand and evolve.
Security intelligence amplifies the effectiveness of cloud security teams by exposing unknown threats and providing information that allows security teams to make better decisions. By producing a common understanding of external and internal threats as well as threats related to third-party ecosystems, security intelligence can enable your cloud team to accelerate risk reduction across your entire organization.
The Principles of Security Intelligence
The security intelligence philosophy is composed of three principles to guide cloud security teams in building a comprehensive security strategy:
- Threat intelligence provides context around the “who, what, and why” of potential cyberattacks. Utilize machine learning and automation from threat intelligence to consume and analyze massive amounts of threat data and technical research from open, closed, and dark sources. By correlating relevant, real-time insights from all these sources with internal network data, cloud security teams can drive faster and more informed security decisions specific to their cloud environment, in whatever form it may take.
- Brand protection enables security teams to quickly identify what’s being targeted by greedy and malicious threat actors so you can respond to reputational attacks against your company’s brand, as well as the digital risks to the company and its customers. Brand protection safeguards your company against fake accounts, services, apps, APIs, and websites that are set up to attract redirected traffic and provision inappropriate content that can harm organizations and their customers.
- Third-party risk management helps analyze risks originating from extensive ecosystems that share sensitive information with suppliers, partners, contractors, agents, temporary workers, and other third parties. Keeping a close eye on your third-party supply chain is critical because breaches to one entity you work with can quickly infiltrate your entire ecosystem.
By leveraging these three security intelligence principles, security teams can improve risk analysis, threat analysis, vulnerability management, fraud prevention, and incident response capabilities to accelerate risk reduction exponentially.
Applying Security Intelligence to Cloud Policies and Controls
Security intelligence can be applied to specific aspects of an organization’s cloud security strategy. For example, the network infrastructure in the cloud may accept communications from customers using specific devices and protocols. However, if dark web threat intelligence indicates that a particular protocol and port is being used by a threat actor to commit fraud, the cloud security team can adjust the policies and controls on affected routers and switches — giving them the option to shut down customer accounts until the situation is rectified.
Alternatively, the business team might open a portal where partners can register pipeline deals and place product orders. If threat intelligence shows a partner has been compromised, the cloud security team can adjust the risk level policy for that partner and the portal in collaboration with the business team.
If someone on the inside has made it through the cloud perimeter via a partner or customer to access a server with apps and databases containing sensitive information, that’s a vulnerability that could be exploited as a means to steal sensitive data, such as customer information or intellectual property. However, with proper intelligence in play, the cloud security team can proactively isolate or shut down the affected applications and databases until the threat of data loss or damage is eliminated.
A Key Tool for Protecting Your Competitive Advantage
As the Booz Allen Hamilton report referenced earlier points out, the evolution of next-generation digital transformation will generate a multitude of new security vulnerabilities. With cyberattacks coming from the open and dark web, third-party partner and customer ecosystems, and even internal threats, taking a sophisticated approach to improving security postures and cyber resilience is more critical now than ever before. This is especially true due to the explosion of cloud platforms and services and the prevalence of ever-expanding third-party ecosystems.
Proactive security planning that incorporates the principles of security intelligence will minimize the impact of cyber threats on your organization and improve your company’s resiliency. By addressing cybersecurity across your entire organization — including the cloud — your security team can enable your company to maintain its competitive advantage by better protecting your proprietary technology, intellectual property, and your supply chain.
Start making your move toward security intelligence today. Download the new second edition of our popular book, “The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program,” to find out how the security intelligence philosophy enables a comprehensive approach to your cloud threat-mitigation strategy.