Security can get left behind as organisations migrate their infrastructure to cloud services provided by third parties.
In order to ensure organisations stay secure as they take advantage of the cloud, WithSecure™ (formerly known as F-Secure Business) has launched a new module for its WithSecure™ Elements security platform that identifies insecure cloud configurations attackers use to compromise networks.
Challenges
It's become commonplace for organisations to incorporate cloud-based infrastructure-as-a-service (IaaS) offerings into their IT estates. This transformation has many benefits, but also new challenges, particularly in relation to security.
These challenges include the rapid development of IaaS platforms, a scarcity of professionals with cloud security skills and experience, different regulatory considerations, and overall complexity. The fact that many companies use multiple public cloud providers simultaneously only adds to the difficulties in securing such infrastructure.
Cloud security
For many customers, it is very confusing to understand which aspects of security are delivered by the cloud provider"
“The task of securing cloud infrastructure is very hard for several reasons. The cloud typically provides a layer of abstraction compared with traditional infrastructure, meaning that both traditional and could-specific security concerns apply."
"For many customers, it is very confusing to understand which aspects of security are delivered by the cloud provider and which is the sole responsibility of the user,” said WithSecure™ Head of Product Management, Leszek Tasiemski.
Security vulnerabilities
The challenges can add up to significant security problems. A 2022 WithSecure™ survey found that nearly 34% of companies detected non-misconfiguration vulnerabilities and 24% detected misconfigurations impacting their cloud platforms in the previous 12 months.
“There are sometimes vulnerabilities in the cloud layer, like Amazon’s IMDSv1. And cyber criminals do their homework. It’s becoming more common for these configuration errors to be successfully attacked by adversaries in the kind of incidents you hear about in the news,” added Tasiemski.
Cloud Security Posture Management
The module manages risks related to vulnerabilities and misconfigurations in popular cloud-based IaaS platforms
Cloud Security Posture Management is a new module available for WithSecure™ Elements, a cloud-based security platform that provides organisations with the flexibility to pick and choose the capabilities they need via different modules.
The module is intended to manage risks related to vulnerabilities and misconfigurations in popular cloud-based IaaS platforms. Support for both AWS and Microsoft Azure is provided from the very beginning.
Specific benefits
- Cloud security posture scanning that identifies and prioritises misconfigurations based on risk level with accompanying mitigation instructions.
- Configuration checks for overly permissive IAM privileges, unencrypted data at rest, cloud instances with access to public IP addresses, whether logging is enabled for incident investigation, and additional existing and emerging cloud security issues.
- Service powered by consulting expertise and research to ensure checks fit within threat models and add real security value to organisations.
- Dedicated dashboard where important information that requires attention is provided in easy-to-interpret graphs, such as the evolution of security posture over time, and different security posture insights.
- Multi-company and multi-cloud management in a single easy-to-use portal along with endpoint security, collaboration protection, and vulnerability management products.
- Specific rules and flagging that help in maintaining compliance with independent standards, namely CIS and NIST CSF.
- Possibility for partners, like MSPs and MSSPs, to provide CSPM as a managed service to their customers.
Ensuring seamless cloud migration
The capabilities provided by Cloud Security Posture Management complement WithSecure™ Elements’ endpoint protection, endpoint detection and response, vulnerability management, and collaboration protection modules to ensure organisations’ migration to the cloud includes security.
WithSecure will present Cloud Security Posture Management at SPHERE 2023, a cyber security event held annually in Helsinki, Finland on May 24-25, 2023.
- Network / IP
- Remote surveillance
- Electronic security systems
- Application security
- Physical security
- Industrial security
- Remote security
- Commercial security
- Perimeter security
- Security management
- Security policy
- Security devices
- Security installation
- Security tagging
- Security monitoring system
- Security access systems
- Asset tracking
- Electronic access control
- Intrusion detection
- Industrial security systems
- Wireless security
- Door access control
- Security service
- Industrial surveillance
- Physical Security Information Management (PSIM)
- IP security solutions
- Testing & Approvals
- Perimeter protection
- Cyber security
- Crime prevention
- Crowd Management
- Corporate Security
- Indoor Security
- Central Monitoring
- Security Assessments
- Cloud security
- Mobile access
- Touchless Security
