Using Continuous Intelligence to Address Cloud-Native Application Security Challenges

Security solutions built on continuous intelligence can gain real-time insight into the threats facing cloud-native applications.

Modern cloud-native applications are often difficult to secure due to their complex nature. They are highly distributed, composed of open-source software and libraries, include many microservices (many of which are provided by third parties), and obtain and provide easy access to data through APIs. Identifying cloud-native application security issues and protecting against threats goes beyond traditional tools that simply monitor operations.

Some recent developments put the potential security issues of cloud-native applications into perspective. For example, a recent study identified 450,000 Kubernetes API servers, and of those, 380,000 have granted some form of access. The researchers noted: “While this does not mean that these instances are fully open or vulnerable to attack, it is likely that this level of access was not intended, and these instances are an unnecessary exposed attack surface. They also allow leaks of version and build information.”

This makes cloud security all the more challenging, requiring better observability and understanding of interdependencies within cloud-native applications.

Another factor attracting attention is that the core open source software and libraries used in many cloud-native applications are themselves susceptible to attack.

One of these vulnerabilities was associated with the Apache Log4j software library. According to the Cybersecurity and Infrastructure Security Agency (CISA), “Log4j is very widely used in a variety of consumer and enterprise services, websites and applications, as well as operational technology products, to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.”

The problem is that the software has been widely used for years and is integrated into many applications. Modern application development techniques based on microservices, APIs, and composable components make it easy to pull such software into many applications without anyone knowing it, simply by reusing components that perform core Log4j functions. Low-code/no-code methods make components even easier to use and reuse, magnifying the problem.

And in April, CISA added the remote code execution (RCE) vulnerability affecting the Spring Framework to its Known Exploited Vulnerabilities Catalog. The designation was based on evidence of active exploitation.

In both cases, the vulnerabilities are in very commonly used software embedded in a wide range of applications and services. The Spring Framework “provides a comprehensive programming and configuration model for modern Java-based enterprise applications – on any type of deployment platform,” according to Spring. “A key part of Spring is application-level infrastructure support: Spring focuses on enterprise application plumbing so teams can focus on application-level business logic, without unnecessary ties to specific deployment environments.”

In the case of the Spring Framework vulnerability, a recently disclosed remote code execution flaw could potentially be exploited to allow unauthenticated attackers to take control of a system. Similar to Log4j, Spring is widely used, and many organizations may not know exactly if or where it is used.

This month, new attention has been given to the leaking of credentials from many open source projects. Specifically, Ars Technica reported: “A service that helps open source developers write and test software leaks thousands of authentication tokens and other security-sensitive secrets. Many of these leaks give hackers access to developers’ private accounts on GitHub, Docker, AWS, and other code repositories.”


How SOAR can help cloud-native application security

Modern cloud-native applications are becoming increasingly complex and difficult to secure. Those responsible for protecting the enterprise against cyber threats must quickly assimilate data from multiple logs, traces, and alerts from security information and event management (SIEM) systems and other security technologies. They must then quickly obtain information on imminent threats in real time and act instantly. Increasingly, the way to achieve this is to use SOAR (Security Orchestration, Automation, and Response).

One of SOAR’s greatest strengths is its ability to apply automation to security operations (SecOps). By automating processes, SOAR frees up analysts’ time for more strategic initiatives rather than repetitive, menial tasks. Specifically, tasks previously performed by SecOps personnel, such as vulnerability scanning, log analysis, and ticket verification, can now be performed automatically by a SOAR platform. Additionally, artificial intelligence (AI) and machine learning can be applied to gain insights. SOAR solutions are often used to escalate threats when human intervention is needed, make recommendations for action, and automate responses. They use continuous intelligence to gain real-time information on which a business can base its response to a threat.
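To make that automation concrete, here is an added illustration (not code from this article or from any SOAR product) of the triage loop just described: deduplicate SIEM alerts, enrich them with asset criticality, apply an automated response where the playbook allows one, and escalate the rest to an analyst or a ticket queue. The alert records, asset inventory, scoring rule and action names are all constructed assumptions.

```python
# Constructed SIEM-style alerts; field names and values are assumptions, not a vendor schema.
SAMPLE_ALERTS = [
    {"id": "a1", "rule": "k8s_anonymous_api_access", "asset": "k8s-api-prod", "severity": 7, "src": "203.0.113.5"},
    {"id": "a2", "rule": "log4j_jndi_pattern", "asset": "web-01", "severity": 9, "src": "198.51.100.9"},
    {"id": "a3", "rule": "log4j_jndi_pattern", "asset": "web-01", "severity": 9, "src": "198.51.100.9"},  # repeat of a2
    {"id": "a4", "rule": "ci_token_leak", "asset": "ci-runner-3", "severity": 8, "src": "-"},
    {"id": "a5", "rule": "outdated_library", "asset": "batch-07", "severity": 4, "src": "-"},
]

# Constructed asset inventory used for enrichment: criticality is added to the alert severity.
ASSET_CRITICALITY = {"k8s-api-prod": 3, "web-01": 2, "ci-runner-3": 2, "batch-07": 0}

# Playbook (assumed): rules with a safe, reversible automated response; everything else needs a person.
AUTO_RESPONSES = {
    "ci_token_leak": "revoke_and_rotate_token",
    "k8s_anonymous_api_access": "disable_anonymous_auth",
}
ESCALATE_AT = 10  # enriched score at or above which an analyst is paged


def dedupe(alerts):
    """Collapse repeated (rule, asset, src) alerts into one record with a hit count."""
    seen = {}
    for alert in alerts:
        key = (alert["rule"], alert["asset"], alert["src"])
        if key in seen:
            seen[key]["count"] += 1
        else:
            seen[key] = dict(alert, count=1)
    return list(seen.values())


def score(alert):
    """Enrich severity with the criticality of the affected asset."""
    return alert["severity"] + ASSET_CRITICALITY.get(alert["asset"], 0)


def triage(alerts):
    """Return one decision per unique alert: automated action, analyst escalation, or a ticket."""
    decisions = []
    for alert in dedupe(alerts):
        enriched = score(alert)
        if alert["rule"] in AUTO_RESPONSES:
            action = AUTO_RESPONSES[alert["rule"]]
        elif enriched >= ESCALATE_AT:
            action = "escalate_to_analyst"
        else:
            action = "open_ticket"
        decisions.append({"id": alert["id"], "rule": alert["rule"], "asset": alert["asset"],
                          "score": enriched, "count": alert["count"], "action": action})
    return decisions


def decision_for(alert_id, alerts=SAMPLE_ALERTS):
    """Look up the triage decision for one alert id (None if it was folded into a duplicate)."""
    return next((d for d in triage(alerts) if d["id"] == alert_id), None)
```

Running `triage(SAMPLE_ALERTS)` yields four decisions: the exposed Kubernetes API and the leaked CI token get automated containment, the repeated Log4j pattern (count 2, score 11) is escalated to an analyst, and the low-scoring outdated library only opens a ticket.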

Such automation is essential today. The rate at which threats evolve increases the demand for skilled security professionals. The only problem is that many companies are finding it increasingly difficult to recruit an adequate team of cybersecurity professionals.
