Tag Archive for: Cloud Security Posture Management

RedSeal announces support for 3rd-party firewalls in public clouds

RedSeal unveils support for third-party firewalls in public clouds, empowering enterprises to understand all attack paths to stop breaches

Seamlessly integrates with Next-Generation Firewalls from Palo Alto Networks, Cisco, Fortinet, and Check Point deployed in AWS and Azure clouds

Menlo Park, Calif., August 9, 2023 — RedSeal, a pioneer in cyber attack path management, announces support for third-party Next-Generation Firewalls (NGFWs) deployed in AWS, Azure and other clouds. With this capability, RedSeal continues its mission to enable enterprises to comprehensively understand all attack paths to critical data and applications and reinforce their defenses against evolving cyber threats.

Understanding attack paths to critical resources is paramount for enterprise customers to stay one step ahead in today’s complex hybrid cybersecurity landscape. As organizations increasingly adopt cloud-based services, risk exposure expands, defensive gaps inevitably open up, and defenders have to understand more complex interactions. RedSeal delivers support through prebuilt integrations with leading NGFW vendors including Palo Alto Networks, Cisco, Fortinet and Check Point.

“Today’s cyber threats are relentless and increasingly sophisticated. It is imperative for enterprises to have a comprehensive understanding of all attack paths to critical resources, especially in cloud environments,” said Greg Enriquez, CEO of RedSeal. “Introducing third-party NGFW support, we are reinforcing our commitment to delivering best-in-class cybersecurity solutions.”

RedSeal brings cloud-native and third-party security controls into a single view. This gives unprecedented visibility, eliminating blind spots caused by the different perspectives of separate management consoles. Without a single view, defenses are run in silos. Attackers accumulate anywhere the security team cannot see, so the defensive view must be seamless and complete—something only available through automated multi-vendor analytics.

With RedSeal, enterprises further benefit from:

  • Comprehensive Network Visibility: With RedSeal, enterprises gain a holistic view of their cloud and on-premises infrastructure without the need to install any agents. By mapping the entire hybrid network, customers can identify vulnerabilities, configuration errors, and security gaps.
  • Advanced Attack Path Analysis: With this new NGFW support, RedSeal strengthens its threat analysis capabilities. By assessing access controls, security rules, and network segmentation, enterprises can pinpoint weaknesses and take proactive steps to prevent cyber attacks and breaches.
  • Proactive Risk Prioritization: RedSeal delivers risk-based prioritization and actionable insights by applying network context, including that of third-party NGFWs, enabling organizations to proactively address security loopholes and implement effective security measures.
  • Continuous Compliance: RedSeal safeguards a full range of critical compliance and governance requirements with 100+ built-in integrations including PCI, NERC-CIP, CMMC, NIST, RMF, SAP, CIS, and DISA STIGs. RedSeal uniquely understands CIS controls for both cloud and third-party NGFWs.

“Our platforms provide insights with unprecedented speed and accuracy so that our clients stay ahead of cyber adversaries and thwart potential attacks,” said Dr. Mike Lloyd, Chief Technology Officer at RedSeal.

RedSeal’s support for third-party NGFWs in cloud is available now, enabling organizations to embrace cloud technologies with confidence, secure their data, and protect their business-critical assets from emerging cyber threats.

About RedSeal

RedSeal, a pioneer in cyber attack path management, delivers actionable insights to close defensive gaps across the entire network, on premises and in the cloud. Defenders gain the upper hand by knowing their cyber terrain and risk better than their adversaries do. RedSeal’s proven platform explains what is left open, and what it takes to block it, so that security teams can proactively and efficiently remediate issues, spend less effort on compliance, and stay one step ahead. Hundreds of Fortune 1000 companies and over 75 government agencies, including five branches of the U.S. military, depend on RedSeal for exceptionally secure environments.

What Is Cloud-Native Application Protection Platform (CNAPP), An Extension of CSPM

Modern businesses are increasingly storing data in the cloud and for a good reason — to increase agility and cut costs.

But as more data and applications migrate to the cloud, the risk of data and systems being exposed increases. Conventional methods for addressing security aren’t equipped to manage containers and server-less environments. Therefore, gaps, silos, and overall security complexity increase.

This is where Cloud-Native Application Protection Platform (CNAPP), an extension of Cloud Security Posture Management (CSPM), excels. This new cloud platform combines the features of CSPM, Cloud Infrastructure Entitlement Management (CIEM), Cloud Workload Protection Platforms (CWPPs), CI/CD security, and other capabilities into a unified, end-to-end encrypted solution to secure cloud-native applications across the full application lifecycle.

Where CNAPP/CSPM Vendors Fall Short

It’s important to point out that many CNAPP vendors focus on providing security measures, such as CIS compliance checks or a basic “connectivity” view and segmentation to protect an organization’s applications and infrastructure in the cloud. These measures help prevent malicious actors from gaining unauthorized access to an organization’s resources, but they don’t necessarily provide visibility into potential exposures that may exist in an application’s design or configuration, thus providing a false sense of security.

Most vendors can correlate resources to compliance or identity violations, but the network context of these solutions is often limited, leading to a lack of visibility into the hidden attack surface. This results in insights that are often irrelevant and unactionable, causing security teams to chase false positives or negatives and reducing their overall effectiveness. Additionally, the shortcomings of these solutions can cause DevOps teams to lose trust in the security measures in place, hindering their confidence in the infrastructure.

The most critical gap is CNAPP vendors lack the ability to calculate net effective reachability, which determines the network’s overall connectivity, including identification of potential points of failure or bottlenecks. In simple terms, they cannot accurately determine if their critical resources are exposed to the Internet. Without this information, security teams will be unable to identify the main cause of a problem or effectively prioritize potential threats. The result is inefficiencies and delays in the security response process, leaving the company vulnerable to attacks and flag false positives/negatives to the DevOps teams.

To identify exposures, organizations need to conduct assessments that look for end-to-end access from the internet that drive up risks to the organization from malicious activities such as insufficient authentication or authorization, unvalidated input/output, SQL injection, cross-site scripting (XSS), insecure file uploads, and more.

What Is CNAPP?

CSPM is an automated set of security tools designed to identify security issues and compliance risks in cloud infrastructure.

CNAPPs consolidate the capabilities and functionalities offered by CSPM and CWPPs, providing centralized access to workload and configuration security capabilities. They help teams build, deploy, and run secure cloud-based apps in today’s heavily dynamic public cloud environments.

A CNAPP solution comes with a single control panel with extensive security features such as automation, security orchestration, identity entitlement management, and API identification and protection. In most cases, these capabilities are used to secure Kubernetes workloads.

How Does CNAPP Work?

CNAPP uses a set of technologies, such as runtime protection, network segmentation, and behavioral analytics, to secure cloud-native applications and services. CNAPP provides a holistic view of the security of cloud applications by monitoring and implementing security protocols across the entire cloud application profile.

CNAPP works by identifying the different components that exist in a cloud-native application, such as containers and microservices, and then applying security controls to every component. To do this, it uses runtime protection to monitor the behavior of the application and its components in real time. It leverages methods such as instrumentation to identify vulnerabilities in the application.

Also, CNAPP uses network segmentation to separate different parts of the application and reduce communication between them, thus reducing the attack surface. In addition, CNAPP includes features such as incident response and compliance management to help businesses respond quickly to security incidents, as well as ensure that apps and services comply with industry standards and regulations.

Why Is CNAPP Important?

Cloud-native application environments are quite complex. Teams have to deal with app workloads that continuously move between the cloud, both private and public, with the help of various open-source and custom-developed code. These codes keep on changing as release cycles increase, with more features being rolled into production and old code is replaced with new.

To deal with the challenges of ensuring the security of highly dynamic environments, IT teams often have to put together multiple types of cloud security tools. The problem is that these tools offer a siloed, limited view of the app risk, increasing the company’s exposure to threats. DevSecOps teams often find themselves having a hard time manually interpreting information from multiple, disjointed solutions and responding quickly to them.

CNAPPs help address these challenges by combining the capabilities of different security tools into one platform to provide end-to-end cloud-native protection, allowing security teams to take a holistic approach to mitigate risk and maintain security and compliance posture.

CNAPP with RedSeal

The challenge most enterprises face is that they cannot get clear visibility of their entire network. Most networks are hybrid, with both public and private cloud environments, along with a physical network framework. This provides siloed visibility, which raises security risks.

When CSPM, CWPPs, CIEM, and CI/CD security work together, companies can quickly get a glimpse of what is happening on their network, allowing IT teams to take immediate action.

RedSeal Cloud, a CNAPP solution, provides organizations with a view of their entire cloud framework to identify where key resources are located and a complete analysis of the system to identify where it’s exposed to attacks. RedSeal maps every path and checkpoint, and calculates the net effective reachability of all aspects of your cloud, enabling you to quickly pinpoint areas that require immediate action. Furthermore, it avoids false positives and negatives, and supports complex deployments with different cloud gateway and third-party firewall vendors.

The Right CNAPP Tool for Reliable Cloud Security Management

Ensuring the security of assets in the cloud has never been more important.

Companies can leverage CNAPP capabilities to secure and protect cloud-based applications, from deployment to integration, including regular maintenance and eventual end-of-life. That said, CNAPP solutions are not one-size-fits-all options but rather a combination of different vendor specialties under a single platform, proving single-pane-of-glass visibility to users.

Companies wanting to adopt CNAPPs should focus on how vendors interpret the underlying cloud networking infrastructure, the per-hop policies at every security policy point, including third-party devices, to identify any unintended exposure, and how the solution interacts with other services, both on-premises and in the cloud.

In summary, every company should ask potential CNAPP vendors:

  • How do they uncover all attack paths to their critical resources and expose the hidden attack surface?
  • How do they calculate the net effective reachability to the critical resources on those paths?

RedSeal’s CNAPP solution, RedSeal Cloud, lets security teams know if critical cloud resources are exposed to risks, get a complete visualization of their cloud infrastructure, and obtain detailed reports about CIS compliance violations.

Want to know how you can stop unexpected exposure and bring all your cloud infrastructure into a single comprehensive visualization? Book a demo with our team to get started!

CNAPP: The Future of Cloud Security

The cloud has arrived. According to data from the Cloud Security Alliance (CSA), 89% of organizations now host sensitive data or workloads in the cloud. But increased use doesn’t necessarily mean better protection: 44% of companies feel “moderately” able to protect this data, and 33% say they’re only “slightly” confident in their defense.

With cloud networks growing exponentially, businesses need a new way to handle both existent and emerging threats. Cloud-native applications protection platforms (CNAPP) offer an integrated, end-to-end security approach that can help companies better manage current conditions and prepare for future attacks.

What is CNAPP?

As noted by research firm Gartner in their August 2021 Innovation Insight for Cloud-Native Application Protection Platforms report (paywall), CNAPP is “an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production.”

The goal of CNAPP solutions is to protect cloud-based applications across their entire lifecycle, from initial deployment and integration to regular use and maintenance to eventual end-of-life. Rather than taking a point-based approach to security that sees companies adopting multiple solutions which may (or may not) work in tandem to solve security issues, CNAPP looks to provide a single user interface and a single source of truth for all cloud-related security processes.

In effect, this approach prioritizes the centralization of cloud security processes to help companies better manage disparate applications and services.

Why Is Security in the Cloud so Challenging?

Effective security relies on effective attack path analysis – the categorization and protection of pathways. In a traditional infrastructure model, these pathways were relatively simple, stretching from internal resources to Internet applications and back.

Highways offer a simple analogy. Say that your resources are in San Francisco, California, and the Internet is in San Jose. Different highways offer different paths to the same destination. Installing checkpoints along these highways, meanwhile, makes it possible for companies to ensure that cars heading into San Francisco or back to San Jose have permission to do so. If they don’t, they’re not allowed to proceed.

The cloud significantly complicates this process by adding a host of new destinations and attack pathways, both on the ground and in the air. Where companies might have managed 50 potential points of compromise, in the cloud this number could be 5000 or 50,000 —and is constantly growing. Plus it is 100x easy to misconfigure the points of compromise.

As a result, there are both more vehicles traveling and more routes for them to travel, in turn making it 100x more complicated to see and secure the cloud. This in turn, increases the risk of traffic getting into or out of your network without the proper permissions, resulting in everything from lateral compromise to ransomware payloads to advanced persistent threats (APTs).

Clouds also create a challenge when it comes to third-party protection. While cloud-native applications are evolving to meet new enterprise requirements, well-known or specialized third-party solutions are often tapped for additional security controls or to provide enhanced functionality. In our traffic example, this means that different checkpoints are managed by different vendors that may not always speak the same language or use the same metrics. This means it’s possible for one of these checkpoints to report a false positive or negative, in turn putting your local cloud environment at risk.

How Can CNAPP Help Companies Address Cloud Security Challenges?

CNAPP solutions makes it possible to centralize security management for greater visibility and control. According to Gartner, this is accomplished via five key components:

  1. Infrastructure as Code (IAC) Scanning
    IAC scanning helps companies identify potential issues with distributed configurations across their network. This is especially critical as infrastructure provisioning becomes more and more automated. Without the ability to regularly scan for potential weak points, IAC becomes a potential liability.
  2. Container Scanning
    Containers are a critical part of cloud computing. By making it possible to package applications in a platform- and service-agnostic framework, it’s easy for companies to deploy new services without rebuilding code from the ground up. The caveat? Containers that have been compromised present serious risks. As a result, container scanning is critical.
  3. Cloud Workload Protection Platforms (CWPPs)
    CWPPs are designed to discover workloads within both cloud and on-premises infrastructure and then perform vulnerability assessments to determine if these workloads pose potential risks based on current policies and if any actions are required to remediate this risk.
  4. Cloud Infrastructure Entitlement Management (CIEM)
    CIEM tools help handle identity and access across the cloud. By automatically granting, revoking, and administering access to cloud services, the judicious application of CIEM solutions make it possible for companies to adopt a principle of least privilege approach to access.
  5. Cloud Security Posture Management (CSPM)
    CSPMs automate the process of identifying and remediating risk across IaaS, PaaS, and SaaS deployments in enterprise clouds. These tools provide the data-driven foundation for risk visualizations and assessments that empower effective incident response.

Working together, these solutions make it possible for companies to see what’s happening in their cloud network environments, when, and why, in turn allowing IT teams to prioritize alerts and take immediate action. Consider the RedSeal Stratus CNAPP solution, which provides companies with a “blueprint map” of their entire cloud framework to identify where resources are located and full attack path analysis to identify where they are exposed.

In the context of our highway example, RedSeal Stratus makes it possible to map every possible path and checkpoint taken, in addition to providing information about each exposed resource at risk in San Francisco and who can get to them within minutes. This makes it possible to assess the net effective reachability of all aspects of your cloud and pinpoint areas that require specific action.

What Comes Next for CNAPP?

Put simply, CNAPP is the future of cloud security, but it’s not a monolithic, one-size-fits-all solution. Given the rapidly-changing scope and nature of cloud services, CNAPP solutions won’t be one-vendor affairs but rather a consolidation of differing vendor specialties under a unified platform model that provides a single pane of glass visibility for users.

Moving forward, companies should expect an increasing focus on the data residing in the resources as the core component of CNAPP. This includes not only a focus on how they are accessible and permissions but on positively identifying where they’re located, what they’re doing, who is accessing them, risks and how they interact with other services and solutions both on-Premise and cloud.

CNAPP is coming of age. Make sure you’re ready for the next generation of cloud security with RedSeal

RedSeal Fills the Gaps in Cloud Security with the Launch of RedSeal Stratus

New platform alleviates security challenges of cloud infrastructures by automatically calculating unintentional exposure of critical resources to the Internet

RedSeal reduces risk by offering security teams a single, comprehensive view of their cloud and continuously meet internal and external compliance mandates

RSA, San Francisco: June 9, 2022 – RedSeal today announced the launch of RedSeal Stratus, a Cloud Native Application Protection Platform (CNAPP) solution. The new solution gives security professionals a ‘blueprint map’ of their enterprise cloud to allow them to accurately identify where and how their business-critical resources are exposed to the Internet. 

Stratus provides a singular view of an organizations cloud infrastructure, either Amazon AWS or Microsoft Azure or both, by creating a comprehensive visualization of connectivity within and between clouds using an agent-less API driven approach. 

Fast Analysis Allows Quick Action

Stratus evaluates policies in cloud gateways, 3rd party firewalls, subnets (NACL policies) and instances (security group policies) with full attack path analysis to calculate unintended exposure and quickly begin remediation steps to prevent ransomware attacks and data breaches.

RedSeal’s patented discovery algorithm creates a dynamic visualization of the connectivity and hierarchical relationship between cloud resources and provides: 

  • Exposure trend analysis for AWS and/or Azure in a single view
  • Exposure information organized by AWS accounts, Azure subscriptions, tags, and security groups
  • A detailed visualization of precisely how critical resources are exposed to the Internet
  • The drill-down details of each control and policy at all security checkpoints

Bryan Barney, Chief Executive Officer at RedSeal, commented: “Public cloud models do not have clear perimeters making it a very different reality compared to on-premise security. It has become a large and highly desirable attack surface for online criminals who will quickly exploit poorly secured cloud ports.”

He continued: “Cloud infrastructures can contain thousands of different resources, and organizations can quickly lose track of where their critical assets are located and how they are connected and secured. Stratus is designed to help our customers See and Secure their entire multi-cloud environment. It gives security teams a centrally and continuously monitored and updated view of their cloud resources, making it easy to spot compliance gaps or respond quickly to breaches or unintended exposure to the Internet.” 

About RedSeal

RedSeal – a security solutions and professional services company – helps government agencies and Global 2000 companies see and secure their on-premise networks and cloud environments. RedSeal Stratus, the company’s SaaS CSPM solution, gives an integrated view of cloud security posture through visualization of cloud-native and Kubernetes controls, and shows which resources are unintentionally exposed to the Internet. RedSeal’s Classic product brings in all network environments – public and private clouds as well as on-premises. This award-winning security solution verifies that networks align with security best practices, validates network segmentation policies, and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk.

How Security Vulnerabilities Expose Thousands of Cloud Users to Attacks

Cloud computing has revolutionized data storage and access. It’s led the charge for digital transformation and allowed the increased adoption of remote work. At the same time, however, cloud computing has also increased security risks.

As networks have grown and cloud resources have become more entrenched in workflow, cloud computing has created larger potential attack surfaces. To safeguard their mission-critical data and operations, organizations need to know chief cloud cyber risks and have to combat them.

Why Cloud Users Are at Risk

Cloud platforms are multi-tenant environments. They share infrastructure and resources across thousands of customers. While a cloud provider acts to safeguard its infrastructure, that doesn’t address every cloud user’s security needs.

Cybersecurity in the cloud requires a more robust solution to prevent exposure. Instead of assuming that service providers will protect their data, customers must carefully define security controls for workloads and resources. Even if you’re working with the largest cloud service providers, new security vulnerabilities emerge every day.

For example, Microsoft says it invests about $1 billion in cybersecurity annually, but vulnerabilities still surface. Case in point: The technology giant warned thousand of cloud customers that threat actors might be able to read, change, or delete their main databases. Intruders could uncover database access keys and use them to grab administrative privileges. While fixing the problem, Microsoft also admitted it could not change the database access keys, and the fix required customers to create new ones. The burden was on customers to take action, and those that didn’t were vulnerable to cyberattacks.

What Type of Vulnerabilities Affect Cloud Customers?

Despite the security protections cloud providers employ, cloud customers must use best practices to manage their cyberattack protection.

Without a solid security plan, multiple vulnerabilities can exist, including:

1. Misconfigurations

Misconfigurations continue to be one of the biggest threats for cloud users. A few examples:

  • A breach at Prestige Software due to a misconfiguration using Amazon S3 services caused widespread data compromise. This single event exposed a decade’s worth of customer data from popular travel sites, such as Expedia, Hotels.com, and Booking.com.
  • A misconfigured firewall at Capital One put the personal data of 100 million customers at risk.

2. Access Control

Poor access control allows intruders to bypass weak authentication methods. Once inside the network, many organizations do not adequately restrict lateral movement or access to resources. For example, security vulnerabilities in Amazon Web Services (AWS) put up to 90% of S3 buckets at risk for identity compromise and ransomware. The problem? Businesses failed to remove permissions that allowed users to escalate privileges to admin status.

3. Insecure APIs

APIs require access to business data but can also provide vectors for threat actors. Organizations may have hundreds or even thousands of public APIs tied to microservices, leading to a large attack surface. Insecure APIs are cited as the cause of the infamous Equifax breach, which exposed nearly 150 million consumers’ records, along with security lapses at Geico, Facebook, Peloton, and Experian.

4. Lack of Shared Responsibility

Cloud providers manage the security of the cloud, but customers are responsible for handling the security of the data stored in the cloud. Yet, many users fail to keep up their end of this shared responsibility. According to Gartner, 99% of cloud security failures are due to customer errors.

5. Vendors or Third-Party Software

Third-party cloud components mean your networks are only as secure as your vendor’s security protocols. If they are compromised, it may provide a pathway for attackers into your network.

More than half of businesses have seen a data breach caused by a third party. That’s what happened to Audi, Volkswagen, and dozens of others. The infamous REvil ransomware group exploited a vulnerability in Kaseya, a remote monitoring platform, and used it to attack managed service providers (MSPs) to gain access to thousands of customers.

How Can Cloud Users Protect Themselves?

With the acceleration of remote workers and hybrid cloud and multicloud environments, attack surfaces have increased greatly over the past few years. At the same time, hackers have become more sophisticated in their methods.

Since most security tools only work in one environment, it can create a complex web that becomes difficult to manage.

Figuring out how to prevent cyberattacks requires a multi-pronged approach, but it starts with understanding how all of your security tools work together across on-prem, public clouds, and private clouds. You need strategies to monitor all of your networks, including ways to:

  • Interpret access controls across both cloud-native and third-party firewalls (service chaining)
  • Continuously validate and ensure security compliance
  • Manage network segmentation policies and regulations

Security teams must be able to answer these concerns:

  • What resources do we have across our cloud and on-premises environments?
  • What access is possible?
  • Are resources exposed to the public internet?
  • Do our cloud deployments meet best practices for cybersecurity?
  • Do we validate cloud network segmentation policies?

Without a comprehensive cybersecurity solution that evaluates and identifies potential risks, it will be challenging to mitigate vulnerabilities and identify the downstream impacts from security lapses. Even if you believe you have every security measure you need in place across all of your cloud resources, you need a way to visualize resources, identify potential risks, and prioritize threat mitigation.

A Comprehensive Cloud Security Posture Management Solution

Solving a problem starts with identifying it. You need a way to visualize potential vulnerabilities across your networks and cloud resources.

A Cloud Security Posture Management (CSPM) solution will identify vulnerabilities, such as misconfigurations, unprotected APIs, inadequate access controls, and flag changes to security policies. This helps you better understand exposure risks, create more robust cloud segmentation policies, and evaluate all of your cloud vulnerabilities.

Many CSPM solutions, however, only present their finding in static, tabular forms. It can be challenging to understand relationships and gain full awareness of the interconnectivity between cloud resources. Beyond just monitoring traffic, security teams also need to see how instances get to the cloud, what security points it goes through, and which ports and protocols apply.

RedSeal Classic identifies what’s on your network environments and how it’s all connected. This helps you validate security policies and prioritize potential vulnerabilities. RedSeal Classic can evaluate AWS, Azure, Google Cloud, and Oracle Cloud environments along with Layers 2, 3, 4, and 7 in your physical networks for application-based policies and endpoint information from multiple sources.

RedSeal Stratus allows users to visualize their AWS cloud and Elastic Kubernetes Service (EKS) inventory. We’re currently offering an Early Adopters program for RedSeals Stratus, our SaaS-based CSPM, including concierge onboarding service, so you can see the benefits first-hand.

To learn more about how RedSeal can help you see how your environment is connected and what’s at risk, request a demo today.

Visibility: The key to proper Cloud Security Posture Management

Cloud security has become increasingly complex and distributed. The rapid transition to remote work and increased cloud adoption have changed the IT landscape dramatically, which has produced new vectors for cyber attacks and data breaches. Today’s cyber criminals aren’t necessarily trying to knock down doors. Organizations are actually leaving many of them open themselves. According to Gartner, through 2023, “…at least 99% of cloud security failures will be the customer’s fault.”

This is an unsettling prediction, but not entirely surprising given realities that teams face today. The overwhelming complexity of the cloud systems asks for both expertise in both application development and security, which is perhaps unreasonable. The placement of security controls has moved away from security teams and into application development teams.

CSPM: The industry’s response to cloud complexity

To deal with this complexity and constant change, a new market segment has emerged broadly referred to as Cloud Security Posture Management (CSPM), which is typically used by security organizations that want the equivalent visibility and security that they’ve had with on-premise environments.

Current CSPM technology aims to help security teams understand what resources they have in their cloud environments, what security controls are in place, how it is all really configured–and to automate as much of it as possible. And while it is largely successful in accomplishing these feats, CSPM in its current form isn’t without its limitations. As we’ve learned in the past with our approach to securing on-premise networks, visibility plays a fundamental role.

The importance of visibility

It’s not uncommon for organizations to lose track of their cloud deployments over time, considering it only takes a developer and a department credit card to spin up a cloud environment. Nowadays developers are empowered to innovate at speed and scale but who is actually keeping track of these newly-created multi-cloud VPCs, VNETs, and VCNs? Even more worrisome–who is responsible for securing them?

There are always unknowns when networks grow and change, but we also know that tools that provide visibility can give security teams a more accurate, dynamic and comprehensive look at what resources they have, how they are connected and the risks associated with them.

Unfortunately, many CSPM tools present their findings in static, tabular forms and it can be challenging to get an understanding of the relationships between resources, such as between multiple accounts and whether they’re shared or not. Teams are often being asked to secure unmonitored cloud environments and can benefit from a visual, interactive model of their organization’s cloud resources.

This visibility allows security teams to gain full awareness of their cloud footprint and reduce their overall attack surface by understanding the interconnectivity between their resources. Some CSPM tools can show connectivity where there is traffic, but security teams want to calculate how an instance gets to the Internet, what security points it goes through, and through which port and protocols.

Understanding end-to-end access

Current CSPM solutions remain insufficient when it comes to accurately calculating access that can lead to data breaches. Many tools simply call into the APIs of CSPs looking for misconfigurations at the compute and container levels but they don’t fully understand “end-to-end” access. For example, they may only look at a setting in AWS that states a particular subnet is “public” so therefore it’s exposed. That’s not necessarily true because there may have other security controls in place, such as 3rd party firewalls or their own Kubernetes security policy.

For example, perhaps a network security engineer who doesn’t understand native AWS and Azure firewalls instead decides to use a 3rd party firewall from a vendor they’re already familiar with. If that firewall is blocking access to the public-facing Internet, current CSPM tools won’t recognize it, and security engineers can spend their days chasing false positives simply due to a lack of accurate information involving access.

Prioritizing exposed resources

With increased cloud complexity comes increased risk–there were over 200 reported breaches in the past 2 years due to misconfigured cloud deployments. Several of the largest data breaches occurred when cloud misconfigurations left critical resources exposed to untrusted networks, so prioritization efforts should begin there. Unintended access and Shadow IT can also lead to cloud leaks, and so by establishing an “exposure first” security approach, cloud security teams can identify key vulnerabilities and prevent costly breaches.

CSPM is a key ally in the fight to secure the cloud, but security teams need additional visibility and improved accuracy that is still lacking in many

For more information on RedSeal’s CSPM solution, RedSeal Stratus, check out our website. Or sign up for the Pilot program.

RedSeal Opens Stratus Early Adopter Program to Security Teams Struggling with Cloud Security

Stratus — a SaaS-based Cloud Security Posture Management (CSPM) solution — addresses dangers of exposure and unintended access issues; Free webinar and demo on December 8

SAN JOSE, Calif., Dec. 01, 2021 (GLOBE NEWSWIRE) — RedSeal today introduced its Stratus Early Adopter Program, which provides select customers and prospects the opportunity to evaluate the company’s new SaaS-based Cloud Security Posture Management (CSPM) solution. The new Stratus SaaS offering is focused on providing visibility to cloud and Kubernetes inventory and determining exposed resources in cloud and hybrid cloud environments.

Implementing security controls for cloud environments now extends beyond the responsibility of traditional network security teams, and today includes application developers and DevOps teams. These controls must also consider workload containerization such as Kubernetes, and native offerings from Cloud Security Providers such as Amazon Web Services. As a result, there is exponential growth and pervasiveness of misconfigurations, which put high value resources at risk of unintended exposure to the Internet.

Current members of the Stratus Early Adopter Program represent enterprises ranging from banking and financial services firms, to federal government agencies and high-tech companies. These users have reported benefiting from Stratus’ ability to easily see both exposure and conductivity in and across all accounts in a single view.

Security challenges in the cloud have become so prevalent that Gartner has defined CSPM as a new category of security products designed to identify misconfiguration issues and risks in the cloud. As a CSPM, RedSeal Stratus helps security teams better manage this increased risk by:

  • Immediately identifying which resources are unintentionally exposed to the Internet due to misconfigurations
  • Visualizing their complete AWS cloud architecture to truly understand connectivity between and within cloud resources
  • Understanding their Amazon Elastic Kubernetes Service (EKS) inventory and identifying overly permissive user and service accounts

“Everyone knows that visibility is critical for CSPM to meet its full potential, but very few vendors are delivering on this promise,” said Bryan Barney, RedSeal CEO. “What makes visibility so powerful is the true calculation of access and exposure, and not simply the reliance on CSP settings. With RedSeal Stratus, we are now providing the most accurate, reliable and actionable approach to calculating access and exposure in the cloud.”

RedSeal Stratus is currently focused on AWS cloud environments. Recognizing the demand for better security posture management across Microsoft Azure and Kubernetes environments, Stratus will evolve to support these platforms early next year, making Stratus a complete, robust CSPM solution. Participants of the Stratus Early Adopter Program are eligible for a free 6-month subscription to RedSeal Stratus, with up to 3,000 EC2 instances.

Stratus Webinar and Demonstration

RedSeal will be hosting a free webinar for customers and prospects interested in joining the Stratus Early Adopter Program. The online event will take place on Tuesday, December 8th at 11:00am PST and will provide an exclusive overview of RedSeal’s new SaaS-based CSPM solution. The webinar will cover how RedSeal Stratus can help security teams better manage increased cloud security risks with:

  • Complete and up-to-date visualization of cloud infrastructure
  • Detailed knowledge of Amazon EKS accounts and policies
  • Out-of-the-box dashboard that identifies resources that exposed to the Internet

Click here to register for the free event.

About RedSeal

RedSeal — a security solutions and professional services company — helps government agencies and Global 2000 companies see and secure their on-premise networks and cloud environments. RedSeal Stratus, the company’s SaaS CSPM solution, gives an integrated view of cloud security posture through visualization of cloud-native and Kubernetes controls, and shows which resources are unintentionally exposed to the Internet. RedSeal’s Classic product brings in all network environments — public and private clouds as well as on-premises. This award-winning security solution verifies that networks align with security best practices, validates network segmentation policies, and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif. Follow RedSeal on Twitter and LinkedIn.

Why Cloud Security Posture Management Is Essential to Your Overall Security Plan

I think we’d all agree the last year and a half has brought disruption, and cloud security wasn’t exempt. The Covid-19 crisis has dramatically expanded attack surfaces as companies transitioned to remote work and embraced the cloud. But let’s be clear: the cloud is not a magic bullet. Yes, the cloud is relatively new and exciting, and it does prevent some of the old security mistakes. And yes, the cloud does close off some previously vulnerable spaces. But at the same time, it opens up new ways to do things wrong.

This is where a strategy called cloud security posture management (CSPM) comes in. The goal of CSPM is to find and reduce attack surfaces, and then eliminate misconfigurations through continuous monitoring of cloud infrastructure. This is important, because more than 99% of cloud breaches have their root cause in customer misconfigurations and mistakes, according to Gartner.

House on fire

I like to use the analogy of a brick house. Even if a house is made of perfect bricks, is it immune to falling down? No. Naturally, when you build a house, you want to make sure the bricks you’re using are solid. But even then, the house can still fall if built incorrectly. Cloud innovators push an approach called “shift left” (meaning detecting problems sooner in the build process), but this is no replacement for checking the final result. After all, no matter how carefully you check a building’s blueprints, the final structure will inevitably be different.

CSPM automates the process of ensuring the individual bricks are OK, but more importantly, makes sure the house as a whole is constructed properly, so it won’t collapse when the big bad wolf (or a squad of hackers) comes along and tries to blow it down.

But what makes CSPM so compelling from a security standpoint is that it’s proactive, not reactive like endpoint management or extended detection and response (XDR). These are analogous to fire alarms for your building. Alarms are necessary for sure, but you have to actually prevent some fires, not just wait and react. So, while firefighting is critical, part of your budget should be for tools that prevent fires in the first place and plan ahead for resilience of your infrastructure when a fire does break out.

CSPM is all about being proactive and putting the right processes in place so that fewer fires start, and spread less when they do happen. Sure, mistakes and misconfigurations will still happen. CSPM recognizes this reality, but proactively hunts for the ingredients that drive security fires rather than just accepting that they can’t be stopped.

The fantasy of DevSecOps

Your developers are not security gurus. The framework called DevSecOps advocates adding security practitioners into the software development and DevOps teams. DevSecOps strives to find a happy balance between development teams that want to release software quickly and security teams that prioritize protection. But, to me, this is too optimistic a notion – it glosses over the fundamental differences that must exist between security thinkers and app developers. Developers think “how can I make this work?”, but security is about thinking backwards – “how can this be abused?”

Security is also fundamentally a big-picture problem, where all interactions have to be considered. Getting back to the building analogy, CSPM lets you compare the final structure to the blueprints used to construct it. It allows you to examine the building to see whether there are any flaws or points of structural weakness that the bad guys can exploit to get in. Humans aren’t good at continuous detail checking, but it’s a great job for automated software.

Context is king

Context is everything. The blueprints don’t tell you whether you’re building on sand or building on bedrock. CSPM provides that critical context not just for one section of your structure but for the entire building and its surroundings.

CSPM also automatically determines whether all the cloud applications and services across your entire organization are configured correctly and securely. It’s simply not possible to hire enough security professionals to do that on their own. It’s not that people you have aren’t good; it’s that you’ll never have enough people who are experts in all the rapidly changing cloud languages and configurations.

Bad guys are actively hunting for new openings in your cloud. CSPM is quickly becoming one of the best ways to close the gaps in your security posture and shut the door on those who intend to do you harm.

Check out RedSeal Stratus – our new CSPM tool that offers the worlds most accurate, reliable, and actionable approach to calculating access and exposure. You can join the pilot program now!

Cloud Security Posture Management (CSPM) Done Right

Cloud security is maturing – it has to. We’ve had too many face-palm worthy incidents of organizations hearing “hey, I found your data in a world readable S3 bucket”, or finding a supposedly “test” server exposed that had production data in it. Happily, we are emerging out of the Wild West phase, and some order and maturity is emerging, and along with it, new lingo.

Gartner divides the emerging ideas into three main disciplines – CASB, CWPP, and CSPM. Think of these as if you’re securing a (pre-pandemic!) office building. CASB is your ID badge reader, and CWPP is your video surveillance. Cloud Security Posture Management (CSPM) is everything else you do to secure your building, like having a security guard walk around to look for gaping holes in the wall, or the sounds of someone drilling through a safe.

CSPM is arguably the hardest area to understand, since it’s so broad, but that same breadth is what makes it the most important to get right. In comparison, having no badge readers at all would be bad, but you don’t have to go overboard – you just need a reasonable check that you’re not letting everyone in. Posture management is different – CSPM isn’t a point solution, it’s the approach of always asking “what else have we forgotten?”

CSPM in more detail

If you ask for a crisp definition of CSPM, it’s hard to find one – after all, Posture Management can refer to the mindset of “how could we be attacked, what are the consequences if it happens, and what can we do it mitigate it?” I find it easiest to split this into three main questions – what have you got, what are you doing to protect it, and what’s the level of risk? All of these are familiar to experienced security professionals – we’ve been asking these same questions about IT networks forever. So why is it different in Cloud?

For legacy on-premises networks, the hardest question was “what have you got?” – rapid growth and technology change made keeping an accurate inventory challenging. Cloud disrupts this in some interesting ways. Each cloud account has a controller for the software defined network, which solves one problem, but then goes and creates another. It’s impossible for any network to exist in a software defined cloud that the controller did not create for you. This means you can always tell exactly how big any one cloud network is. Problem solved, right? Not so fast – anyone who’s tried to inventory cloud footprint realizes that this same controller is changing things so quickly you can’t keep up. It’s also so easy to add new cloud networks that people do it and then forget to tell security, so the inventory problem just moves up a level – not “find the missing router”, but “find the missing cloud account”.

In CSPM, most of the key innovations are focused on the second question – “what are your protections, and are they working?” Cloud disrupted this too, bringing innovations that are incompatible with a lot of the traditional security stack. It’s not that question 3 – risk assessment – is unimportant. It’s just that it isn’t so deeply impacted by the differences between cloud, hybrid, and on-prem. Risk assessment is strategy, not tactics.

So why has cloud disrupted the question of whether you have working protections in place? Well, going back to the start of the article, that unintended exposure of a cloud storage bucket represents a mistake we simply couldn’t make until there was a cloud. Sure, every cloud comes with many strong security controls. But that’s the problem – there are so many enforcement controls that are all new, all different, and are like nothing we did for the past 40 years in on-premises data centers. Novelty is great for innovation, but terrible for security. Coordinating all the new controls and ensuring they are used correctly is the core job for CSPM. Basic checklists aren’t enough – just as we’ve found with all previous network technologies, a network built out of individual compliant elements can still fail as a system, like a house built out of perfectly formed bricks which can still fall down if assembled incorrectly.

This is why the core discipline in CSPM is visibility, so you can achieve end to end understanding of what is exposed and what is not. Figuring out access – what can reach what, and especially, what is exposed to the Internet – sounds so basic, but has become explosively complicated. It’s impossible to hire enough certified security professionals with deep enough understanding of all the cloud dialects used across an organization. So the only solution is to focus on CSPM – building up a map of your cloud assets, then looking across all the layers to ask “what is exposed?”

For more information on RedSeal’s CSPM solution, RedSeal Stratus, check out our website. Or sign up for our Pilot Program and test drive RedSeal Stratus yourself!

Finding the Right Approach to Cloud Security Posture Management (CSPM)

Dark Reading | October 29, 2021

New strategies are surfacing to respond to new problems. Dr. Mike Lloyd, RedSeal’s CTO, reviews one of the latest: CSPM.

Cloud security is maturing — it has to. We’ve had too many face-palm-worthy incidents of organizations hearing “hey, I found your data in a world readable S3 bucket” or finding a supposedly “test” server exposed that had production data in it. Happily, we are emerging out of the Wild West phase, and some order and maturity is emerging, and along with it, new lingo.