The COVID pandemic was the last straw for traditional security. The expanding attack surface and heightened threat landscape required a new paradigm for protection. Waging a war where the odds were stacked against them, organizations turned to their cloud providers for help.
“The cloud is now the first line of defense,” theCUBE industry analyst Dave Vellante said in a recent Breaking Analysis column evaluating the cybersecurity market. “AWS, specifically, but hyperscalers, generally, provide the services, the talent, best practices and automation tools to secure infrastructure and their physical data centers.”
The Amazon Web Services Inc. Partner ecosystem is nurturing cloud-native startups in the vanguard of this new defense. Ten AWS partners recently presented their solutions as part of the “Cybersecurity — Detect and Protect Against Threats” event, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio, hosted by industry analyst John Furrier. (* Disclosure below.)
In case you missed it, here are theCUBE’s top three takeaways from the event:
1) Cyber resilience provides protection in a constantly changing threat landscape.
The days when security meant a static set of rules that had to be followed without exception are over. Today’s solutions have to be as dynamic and ever-changing as the cloud computing environment they aim to protect.
“As new technology becomes available, that opens additional attack vectors,” Ed Casmer, founder and chief executive officer of Cloud Storage Security, said in a conversation with theCUBE. “The challenge is keeping up with the changing world, including keeping up with the new ways that people are finding to exploit vulnerabilities.”
Liz Rice, chief open-source officer at Isovalent Inc., agrees. Rice participated in the AWS Heroes panel during the event.
“Everything that we do to defend cloud workloads, it becomes a new target for the bad guys, so this is never going to end,” she said.
The answer is not to run around eliminating vulnerabilities one by one, but to combat the ever-evolving security landscape by being prepared for whatever threat may appear. This concept is known as cyber resiliency, and it was introduced by Jon Ramsey, vice president of AWS Security – Enterprise Security Services at AWS, during his keynote speech for the “Cybersecurity — Detect and Protect Against Threats” event.
“You want to mitigate the threat or mitigate the vulnerability to protect the asset,” he said. “Then you respond and then you remediate, and you have to continuously do that cycle to be in a position to have cyber resiliency.”
The theme of cyber resiliency came up in many of the sessions, as the participants acknowledged the importance of proactive preparedness in order to detect and minimize disruption from the inevitable attempts to breach an organization’s core systems.
“I think it’s acknowledged now that you’re not going to have complete security. We’ve gotten past that. It’s not a yes or no binary thing; it’s let’s find that balance in risk,” said Mark Nunnikhoven, distinguished cloud strategist at Lacework Inc., who was also part of the AWS Heroes panel.
2) APIs are an open doorway for cyber thieves.
Application programming interfaces enable the seamless application performance users have come to demand, but their ubiquitous nature makes them an easy target for criminals.
“APIs are getting published way faster than the security teams are able to control and secure them. APIs are getting published in environments that the security team is completely unaware of,” Ameya Talwalkar, founder and chief executive officer of Cequence Security Inc., told theCUBE during the event.
While source code design is one factor that leads to API insecurity, the biggest problem is misconfiguration, which accounts for 60% of all API breaches, according to IBM research.
“We get away with a little bit of sloppy hygiene when it’s internal to the network, but now that we’re exposing those APIs and we’re publishing APIs to the world, there’s a degree of precision required. The stakes are just much higher,” Karl Mattson, chief information security officer at Noname Security, said during the event.
Traditional security platforms often fail to detect vulnerabilities caused by APIs, and when companies undergo an audit of their API assets, they are often in for a big surprise. In most breaches where an attacker has used an API to gain access, the API in question had zero security protections, according to Talwalkar.
“Which means the security team or any team that is responsible for protecting these APIs are just completely unaware of these APIs being there in the first place,” he said.
The moral of this story? Companies need to inventory and monitor their API assets or risk being breached through an open doorway they weren’t even aware existed.
3) In open source we trust.
Although some chief security officers are happy to throw money at purchasing every point solution out there, a more cost-effective approach is to take advantage of the many active open-source security projects available in the cloud-native ecosystem. These allow teams to experiment and build custom security tooling configurations without having to “pay a giant sum to get a black box,” according to Rice.
“The rise of open-source tools means that you can start with something pretty powerful that you can grow with,” she said.
This has flipped the paradigm for vendors. Instead of top-down decision-making, when it comes time to invest in enterprise features to extend the functionality of the open-source tooling, the engineers using the tools are telling executives what to buy.
“People are not only deploying this new level of tooling, but they’re confident that it’s actually providing the security it promised,” Nunnikhoven said.
Many of the companies presenting during the “Cybersecurity — Detect and Protect Against Threats” event have solutions based on open-source technology, including SecurityScorecard Inc., whose solution is underpinned by the real-time streaming capabilities of Confluent Inc.’s data streaming platform.
“At its core we’ve leveraged that open-source foundation of Apache Kafka, but we have rearchitected it for the cloud with a totally new cloud native experience,” said Bharath Chari, team lead of solutions marketing at Confluent.
Complete written coverage of the “Cybersecurity — Detect and Protect Against Threats” event can be found on the SiliconANGLE event page; and you can catch up on theCUBE’s complete coverage on the exclusive event website.
(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for the “Cybersecurity Detect and Protect Against Threats” event. Amazon Web Services and other sponsors of theCUBE’s event coverage have no editorial control over content on theCUBE or SiliconANGLE.)