Cloud environments are making the security alert overload problem worse


Companies say that automation helps ease the burden, but most have a long way to go to reach full implementation, according to a new survey.

A new survey commissioned by Sumo Logic found that most companies have started to automate the triage of security alerts, but they are still at the beginning of this transformation.


Slow-moving automation efforts and an increase in cloud environments are intensifying the alert overload crisis for security teams, according to a new study.

The “2020 State of SecOps and Automation” report found that IT infrastructure is changing faster than security teams can adapt to the new demands. Sumo Logic commissioned the survey of 427 IT security professionals, which was conducted by Dimensional Research.


Big companies report up to 1,000 security alerts a day, and 86% of survey respondents are concerned about burnout, high levels of stress, and flight risk among security teams, due to the daily volume of alerts. Larger companies are making progress with automating some of the response to security alerts but only 3% report full automation.

Security professionals listed these top five reasons for the increase in alerts:

  • Constant changes to the type of threats that must be blocked: 67%
  • New tools to monitor threats: 60%
  • Growth of the apps and services that IT teams deliver to business stakeholders: 57%
  • An increase in cloud infrastructure: 55%
  • Growth in user endpoints including mobile devices: 52%

Cloud environments are a significant source of alerts overall. Seventy-five percent of respondents said cloud infrastructures generate more security alerts than on-prem environments.

To deal with this deluge of alerts, security teams are using automation but most are in the early stages of the process. Sixty-five percent of companies have only partially automated security alert processing while only 5% have not implemented any alert workflow automation. Companies farther down the path of automation are more able to address security alerts the same day they occur as compared with companies that are partially automated. Sixty-five percent of the highly automated companies said they were able to respond to all or most of the alerts the same day they were received, while only 34% of partially or not automated companies could respond that quickly.

Seventy-five percent of respondents said they would need to hire anywhere from three to more than 10 additional analysts to address all security alerts the same day they are received.

The survey also asked security professionals how their existing security information and event management (SIEM) solutions are performing. Survey respondents said that the top frustrations with existing SIEM solutions are:

  • The high number of alerts: 43%
  • The complexity of operation: 40%
  • Not enough context for threat investigations: 37%
  • Lack of threat visibility across both on-prem and cloud environments: 33%

Also, companies that use different SIEM solutions for cloud platforms and on-prem networks are more likely to report a lack of threat visibility in both environments. Eighty-four percent of respondents said that a cloud-native SIEM platform would help with this issue.  

Security team members listed automated alert triage with actionable insights and out-of-the-box content for rapid time to value as the two new features that would help the most with managing alerts.

Methodology

Dimensional Research sent this survey to an independent database of IT security professionals, and 427 people completed the survey. All participants had direct responsibility for security operations at an organization with a significant investment in a public cloud and at least 1,000 employees. Participants included a mix of job levels, regions, company sizes, and industries.


Microsoft Cloud App Security: This software can help you to manage shadow IT and boost productivity


How to use shadow IT discovery in Microsoft Cloud App Security to help remote workers stay secure and save bandwidth.

With so many people working from home due to COVID-19, cloud applications have become the way to stay connected and get work done, whether that’s with Teams, Office 365, Salesforce, Zoom, virtual desktops – or something you’ve never heard of that an employee has found for themselves and started using. Even more than in an office, the proliferation of cloud apps can turn into a shadow IT security worry – and depending on how access to company data is set up, it might impact home internet bandwidth.

The cloud app discovery tools in Microsoft Cloud App Security (MCAS) are usually seen as a way to get shadow IT under control because they handle SaaS, IaaS and PaaS resources. But simply blocking a service that someone is using to get their job done will only drive them to try a different one. A better approach is to use MCAS to assess which apps are in use, set policies for what’s acceptable, and educate staff on alternatives. In combination with other tools like Microsoft Endpoint Manager, IT departments can prioritise productivity as well as security, improving staff experience as well as protecting data.


That’s the sort of approach Microsoft cybersecurity CVP Ann Johnson calls digital empathy: providing both strong security and a great user experience.

Forrester’s new report, The Total Economic Impact Of Microsoft Cloud App Security, suggests that the service pays for itself in three months, and shows just how many cloud apps are in use that IT teams know nothing about. Using logs from firewalls, secure web gateways and Security Information and Event Management (SIEM) solutions, connectors and reverse-proxy integration with identity and access management tools, MCAS discovered more than 5,000 cloud apps in use at all four organisations in the study.

One medical device manufacturer found almost 9,000 cloud apps in use on their 50,000 devices – 1,600 of which it wanted to shut down straight away because MCAS shows that they don’t comply with regulations to which the company is subject. Ironically, knowing which cloud apps were compliant meant the company could actually move more data to cloud services than before, because it was confident about compliance, governance and the ability to audit data usage. Making the switch to cloud apps means that employees working from home aren’t limited by the VPN bandwidth to on-premise applications they’re now accessing remotely; many organisations have found that to be a bottleneck they couldn’t scale quickly during lockdown.

The companies in Forrester’s study also found they had 75% fewer security issues, and were discovering security issues much more quickly. Partly that’s getting alerts for anomalies and suspicious behaviour on user accounts that have been compromised, like mass downloads, and typical malware or ransomware activity. But it’s important just to know what you have, Joanna Harding, product marketing manager for Microsoft Cloud App Security, told TechRepublic. “You can’t reduce time to remediate if you don’t know what you have in your environment.”

Monitoring Microsoft

Microsoft has been using the service to monitor cloud app usage on its own employee devices since 2017 (and no, the 156,000 Microsoft staff don’t only use Microsoft applications). Cloud apps that don’t meet company policies get blocked, while popular apps that do meet the standards are added to the Azure AD single sign-on list to make them easier to use. Microsoft also applies security controls to the apps (like enforcing least privilege so users aren’t using admin accounts everywhere) and monitors usage for anomalies that could mean an attacker has compromised an employee account.

Seeing all the signals in the same place makes it easier for security analysts in the Security Operations Center (SOC) to see not just the alerts that suspicious activity triggers, but also what other systems might have been affected, says Harding — who used to work in Microsoft’s SOC. Queries can also be customised so that behaviour which is normal for your employees in the current situation doesn’t trigger alerts – even if it might have counted as suspicious six months ago when staff weren’t working from home. That reduces false positives.

“When something happens that does get through the safety net and we end up getting an alert, then we can backtrack with MCAS and quickly see all of the places that particular entity or identity touched, and then write very accurate policies against that to prevent it from happening again. So what comes into the true positive queue really is a clean signal,” Harding explained. That means you can use the option in the dashboard to revoke a user token and force them to sign in again using MFA to block attackers without affecting the productivity of employees who are in the middle of actual work.


When it comes to moving users off the shadow IT cloud apps that you’re not comfortable with, you can make the experience more helpful than just blocking the app so employees can’t get into it, Harding pointed out.

“There are ways to customise the policy for a particular interaction. Let’s say an end user goes to click on an application that they’re using, and the security team has decided to close down that application. They can customise the policy to say in a splash screen ‘hey, we’re not using this application anymore, you can go here, you can use that application’; they can redirect their users in a very functional way to help them. There’s also a lot of user coaching that has been deployed recently within MCAS to help users understand what it is that they’re interacting with; that [an app] is blocked because it’s proxying a session, or what have you. There are lots of ways the user is impacted in a positive way.”

MCAS collects (anonymised) data about apps over time, including how much bandwidth they consume. This can be combined with the new Productivity and Network scores in Microsoft Endpoint Manager (available under Reports in the Microsoft 365 Admin Center for any location where you have computers running the OneDrive for Business sync client), which show how quickly devices boot and whether they have good connectivity to Office 365 resources like Exchange and Teams. You can then include coaching in the custom messages about cloud apps that consume a lot of network traffic, directing employees to the apps you’d prefer them to use that won’t put as much strain on their internet connection.


The State of Cloud Native Research Report 2020

Provided by: Palo Alto Networks
Topic: Cloud
Format: PDF

The first annual State of Cloud Native Security report examines the practices, tools and technologies innovative companies are using to manage cloud environments and drive cloud native development. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report surfaces insights from a proprietary set of well-analyzed data.

Gambling and the Cloud: Securing the Future (German)

Due to a continuous shift in the tech landscape and a sea of clever cyberattackers, gambling companies — while transforming their online services to the cloud — should choose the right technology partner that can protect them from threats like DDoS, credential stuffing, and sophisticated hacking/cheating attacks.

Read this white paper to understand the unique challenge the gambling industry faces and how the Akamai Intelligent Edge Platform is designed to:

a. Block sophisticated attacks/threats before they can reach applications and infrastructure.
b. Ensure access to enterprise applications only by authorized users, with the Zero Trust model.
c. Dramatically reduce time to onboard third parties by giving access to specific applications to specified partners for a defined period.


5-min demo: Hybrid Cloud Acceleration

Provided by: Veeam
Topic: Cloud
Format: Videos

Veeam Availability Suite 5-min Demo on Hybrid Cloud Acceleration. The adoption of modern backup systems is driving rapid cloud adoption through the unification of tools — ensuring over 49% savings in hybrid cloud protection. This demo shows how to use native backup and recovery services straight from the cloud, reducing time, cost and resources.

Cloud spending increased in Q1 2020, as COVID-19 spurred demand for collaboration


Infrastructure spending on cloud grew modestly, while other spending plummeted by 16.3%, according to a new IDC report.


As the COVID-19 pandemic ushered in a new age of working from home, organizations began to rely on technology that would support a workforce built around virtual collaboration, using tools like video conferencing and cloud platforms. And as COVID-19 continues to spread, these tech features will undoubtedly continue to be a staple of the “new normal” workplace.

New data from the International Data Corporation (IDC) Worldwide Quarterly Cloud IT Infrastructure Tracker details spending on the infrastructure for public and private cloud environments (including spending on servers, enterprise storage, and Ethernet switches) for the first quarter of 2020.

The big takeaways from the report show an overall (but modest) increase on cloud spending (2.2%) and a major drop (16.3%) on spending for non-cloud infrastructure.

According to the report, COVID-19 was the primary variable that influenced cloud spending. The necessity of shifting to remote work, it said, “increased demand for cloud-based consumer and business services driving additional demand for server, storage, and networking infrastructure utilized by cloud service provider datacenters.”


Because of this, and the loss of profit for many organizations, private cloud infrastructure spending declined 6.3% while public cloud infrastructure spending hit $10.1 billion in 1Q20. However, the report also predicts that private cloud infrastructure spending will rebound, eventually ending up as a positive figure by the year’s end.

According to the report, cloud adoption will continue to grow through 2020 because of the “demand for more efficient and resilient infrastructure deployment,” and investment in cloud infrastructure is predicted to hit $69.5 billion, representing more than half (54.2%) of overall IT spending on infrastructure.


IDC also offered long-term predictions on cloud IT infrastructure spending, expecting it to reach $105.6 billion by 2024 and to represent more than half (62.8%) of total spending on IT infrastructure. It also predicts that while cloud infrastructure will be the main focus of enterprise infrastructure spending, non-cloud IT infrastructure spending will also recover this year, but will end up in the negative, at -1.6%, by 2024.


Going cloud native in a time of declining IT budgets


Cloud services are driving digital transformations, and experts say they are a game changer for delivering value to customers.


It’s no secret CIOs are trying to balance budgets that are shrinking while meeting exponentially increasing IT demands necessary to support remote workforces and online business. 

Spencer Kimball, co-founder and CEO of startup Cockroach Labs, is making the case for cloud-native apps, especially as IT budgets are decreasing. Kimball suggested companies should be storing their data in open source, flexible databases running on a generic Amazon Elastic Compute Cloud (EC2) instance.


It’s a good time to adopt cloud-native platforms and all the technologies that enable it, like Kubernetes and containers, which are foundational for orchestrating resources in the cloud in a seamless and holistic way, Kimball said.

“Kubernetes is supported by all the major and private cloud vendors and is a ubiquitous technology,” he said. Companies can do more and faster with microservices and cloud-native platforms, which “dramatically cut overhead on DevOps and human capital to do those things by hand, often with scripts that aren’t always going to work because … they are somewhat fragile and built for one purpose,” he maintained. 

But when it comes to modernizing existing applications to gain the agility, scalability, resilience, and cost benefits of cloud-native computing, application professionals must find and address critical hot spots in the architecture, advised Gartner.


And IDC has noted that “While cloud-native applications deliver a multitude of benefits such as infrastructure portability and enhanced automation, they also feature challenges — for example, re-platforming and re-factoring.”

Partnering with the cloud giants may seem like a quick, easy, foolproof, and cheap solution for cloud migration, Kimball said. But often companies are locked in to paying high costs, and proprietary APIs and the fine print in these vendor contracts takes away the flexibility and freedom to make strategic, cost-cutting decisions, he said. 

“In situations where budgets aren’t as constrained, a lot of things get done,” he said. CIOs can still invest in transformation efforts “but they can be more surgical in how we build for the future so we can control costs.”  

Best of breed versus single vendor

When the decision is made to implement a cloud-native service, CIOs and IT managers need to figure out whether to use one cloud vendor for everything or a best of breed approach.

A single vendor means “one throat to choke” and often better pricing, which tends to appeal to smaller companies, he noted. Best of breed, as the term suggests, offers the ability to pick and choose based on the services needed, with the flexibility to migrate from one cloud to another. This can also be more expensive.

Of course, companies that aren’t startups are typically not completely cloud native, but they should be thinking about migrating some portion of their workloads and apps to newer stacks, Kimball said.

The hybrid cloud stack approach has “significant value,” he said. “No one wants a super high friction, proprietary service that won’t be portable; basically, you’re tying your hands behind your back from an IT perspective.”

Organizations should be careful about how locked in they get with cloud vendors, Kimball said, and he predicts “a multicloud environment will be very much the standard in the next several years as tools like Kubernetes and others make it relatively easy for companies to embrace a multicloud stance.”

From a strategic, forward-thinking perspective, “moving to a cloud-native stack will ultimately set you up to iterate faster,” Kimball said. “With the same budget you can create more services and launch more for customers so they can improve products and services.”

Jonathan Le Lous, field CTO of cloud infrastructure services at Capgemini, agreed, and said overall, the benefits of adopting cloud have far outweighed the challenges.

“Cloud-native, hybrid-cloud, and multicloud solutions are continuing to take the digitization process by storm,” Le Lous wrote in a January blog post. “App development made agile, empowered by microservices, in scalable and contained environments, is changing the way business is done.”


Top cloud providers in 2020: AWS, Microsoft Azure, and Google Cloud, hybrid, SaaS players


Cloud computing in 2020 is more mature, going multi-cloud, and likely to become more focused on verticals and a sales ground war as the leading vendors battle for market share.

Picking the top cloud services provider isn’t easy given that the answer—much like enterprise software and IT in general—boils down to “it depends.” Whether it’s Amazon Web Services, Microsoft Azure, and Google Cloud platform in infrastructure as a service, or IBM, Dell Technologies, Hewlett-Packard Enterprise, and VMware in multi-cloud hybrid deployments, there are multiple variables for each enterprise. Ditto for software as a service, where the likes of Salesforce, Adobe, and Workday battle SAP and Oracle, an infrastructure- and database-as-a-service player.

In this free PDF ebook from TechRepublic, learn how the cloud leaders stack up, the state of the hybrid market, the SaaS players that run your company and their latest strategic moves, and much more.