Tag Archive for: CSPM

RedSeal Fills the Gaps in Cloud Security with the Launch of RedSeal Stratus

New platform alleviates security challenges of cloud infrastructures by automatically calculating unintentional exposure of critical resources to the Internet

RedSeal reduces risk by offering security teams a single, comprehensive view of their cloud and continuously meet internal and external compliance mandates

RSA, San Francisco: June 9, 2022 – RedSeal today announced the launch of RedSeal Stratus, a Cloud Native Application Protection Platform (CNAPP) solution. The new solution gives security professionals a ‘blueprint map’ of their enterprise cloud to allow them to accurately identify where and how their business-critical resources are exposed to the Internet. 

Stratus provides a singular view of an organizations cloud infrastructure, either Amazon AWS or Microsoft Azure or both, by creating a comprehensive visualization of connectivity within and between clouds using an agent-less API driven approach. 

Fast Analysis Allows Quick Action

Stratus evaluates policies in cloud gateways, 3rd party firewalls, subnets (NACL policies) and instances (security group policies) with full attack path analysis to calculate unintended exposure and quickly begin remediation steps to prevent ransomware attacks and data breaches.

RedSeal’s patented discovery algorithm creates a dynamic visualization of the connectivity and hierarchical relationship between cloud resources and provides: 

  • Exposure trend analysis for AWS and/or Azure in a single view
  • Exposure information organized by AWS accounts, Azure subscriptions, tags, and security groups
  • A detailed visualization of precisely how critical resources are exposed to the Internet
  • The drill-down details of each control and policy at all security checkpoints

Bryan Barney, Chief Executive Officer at RedSeal, commented: “Public cloud models do not have clear perimeters making it a very different reality compared to on-premise security. It has become a large and highly desirable attack surface for online criminals who will quickly exploit poorly secured cloud ports.”

He continued: “Cloud infrastructures can contain thousands of different resources, and organizations can quickly lose track of where their critical assets are located and how they are connected and secured. Stratus is designed to help our customers See and Secure their entire multi-cloud environment. It gives security teams a centrally and continuously monitored and updated view of their cloud resources, making it easy to spot compliance gaps or respond quickly to breaches or unintended exposure to the Internet.” 

About RedSeal

RedSeal – a security solutions and professional services company – helps government agencies and Global 2000 companies see and secure their on-premise networks and cloud environments. RedSeal Stratus, the company’s SaaS CSPM solution, gives an integrated view of cloud security posture through visualization of cloud-native and Kubernetes controls, and shows which resources are unintentionally exposed to the Internet. RedSeal’s Classic product brings in all network environments – public and private clouds as well as on-premises. This award-winning security solution verifies that networks align with security best practices, validates network segmentation policies, and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk.

How Security Vulnerabilities Expose Thousands of Cloud Users to Attacks

Cloud computing has revolutionized data storage and access. It’s led the charge for digital transformation and allowed the increased adoption of remote work. At the same time, however, cloud computing has also increased security risks.

As networks have grown and cloud resources have become more entrenched in workflow, cloud computing has created larger potential attack surfaces. To safeguard their mission-critical data and operations, organizations need to know chief cloud cyber risks and have to combat them.

Why Cloud Users Are at Risk

Cloud platforms are multi-tenant environments. They share infrastructure and resources across thousands of customers. While a cloud provider acts to safeguard its infrastructure, that doesn’t address every cloud user’s security needs.

Cybersecurity in the cloud requires a more robust solution to prevent exposure. Instead of assuming that service providers will protect their data, customers must carefully define security controls for workloads and resources. Even if you’re working with the largest cloud service providers, new security vulnerabilities emerge every day.

For example, Microsoft says it invests about $1 billion in cybersecurity annually, but vulnerabilities still surface. Case in point: The technology giant warned thousand of cloud customers that threat actors might be able to read, change, or delete their main databases. Intruders could uncover database access keys and use them to grab administrative privileges. While fixing the problem, Microsoft also admitted it could not change the database access keys, and the fix required customers to create new ones. The burden was on customers to take action, and those that didn’t were vulnerable to cyberattacks.

What Type of Vulnerabilities Affect Cloud Customers?

Despite the security protections cloud providers employ, cloud customers must use best practices to manage their cyberattack protection.

Without a solid security plan, multiple vulnerabilities can exist, including:

1. Misconfigurations

Misconfigurations continue to be one of the biggest threats for cloud users. A few examples:

  • A breach at Prestige Software due to a misconfiguration using Amazon S3 services caused widespread data compromise. This single event exposed a decade’s worth of customer data from popular travel sites, such as Expedia, Hotels.com, and Booking.com.
  • A misconfigured firewall at Capital One put the personal data of 100 million customers at risk.

2. Access Control

Poor access control allows intruders to bypass weak authentication methods. Once inside the network, many organizations do not adequately restrict lateral movement or access to resources. For example, security vulnerabilities in Amazon Web Services (AWS) put up to 90% of S3 buckets at risk for identity compromise and ransomware. The problem? Businesses failed to remove permissions that allowed users to escalate privileges to admin status.

3. Insecure APIs

APIs require access to business data but can also provide vectors for threat actors. Organizations may have hundreds or even thousands of public APIs tied to microservices, leading to a large attack surface. Insecure APIs are cited as the cause of the infamous Equifax breach, which exposed nearly 150 million consumers’ records, along with security lapses at Geico, Facebook, Peloton, and Experian.

4. Lack of Shared Responsibility

Cloud providers manage the security of the cloud, but customers are responsible for handling the security of the data stored in the cloud. Yet, many users fail to keep up their end of this shared responsibility. According to Gartner, 99% of cloud security failures are due to customer errors.

5. Vendors or Third-Party Software

Third-party cloud components mean your networks are only as secure as your vendor’s security protocols. If they are compromised, it may provide a pathway for attackers into your network.

More than half of businesses have seen a data breach caused by a third party. That’s what happened to Audi, Volkswagen, and dozens of others. The infamous REvil ransomware group exploited a vulnerability in Kaseya, a remote monitoring platform, and used it to attack managed service providers (MSPs) to gain access to thousands of customers.

How Can Cloud Users Protect Themselves?

With the acceleration of remote workers and hybrid cloud and multicloud environments, attack surfaces have increased greatly over the past few years. At the same time, hackers have become more sophisticated in their methods.

Since most security tools only work in one environment, it can create a complex web that becomes difficult to manage.

Figuring out how to prevent cyberattacks requires a multi-pronged approach, but it starts with understanding how all of your security tools work together across on-prem, public clouds, and private clouds. You need strategies to monitor all of your networks, including ways to:

  • Interpret access controls across both cloud-native and third-party firewalls (service chaining)
  • Continuously validate and ensure security compliance
  • Manage network segmentation policies and regulations

Security teams must be able to answer these concerns:

  • What resources do we have across our cloud and on-premises environments?
  • What access is possible?
  • Are resources exposed to the public internet?
  • Do our cloud deployments meet best practices for cybersecurity?
  • Do we validate cloud network segmentation policies?

Without a comprehensive cybersecurity solution that evaluates and identifies potential risks, it will be challenging to mitigate vulnerabilities and identify the downstream impacts from security lapses. Even if you believe you have every security measure you need in place across all of your cloud resources, you need a way to visualize resources, identify potential risks, and prioritize threat mitigation.

A Comprehensive Cloud Security Posture Management Solution

Solving a problem starts with identifying it. You need a way to visualize potential vulnerabilities across your networks and cloud resources.

A Cloud Security Posture Management (CSPM) solution will identify vulnerabilities, such as misconfigurations, unprotected APIs, inadequate access controls, and flag changes to security policies. This helps you better understand exposure risks, create more robust cloud segmentation policies, and evaluate all of your cloud vulnerabilities.

Many CSPM solutions, however, only present their finding in static, tabular forms. It can be challenging to understand relationships and gain full awareness of the interconnectivity between cloud resources. Beyond just monitoring traffic, security teams also need to see how instances get to the cloud, what security points it goes through, and which ports and protocols apply.

RedSeal Classic identifies what’s on your network environments and how it’s all connected. This helps you validate security policies and prioritize potential vulnerabilities. RedSeal Classic can evaluate AWS, Azure, Google Cloud, and Oracle Cloud environments along with Layers 2, 3, 4, and 7 in your physical networks for application-based policies and endpoint information from multiple sources.

RedSeal Stratus allows users to visualize their AWS cloud and Elastic Kubernetes Service (EKS) inventory. We’re currently offering an Early Adopters program for RedSeals Stratus, our SaaS-based CSPM, including concierge onboarding service, so you can see the benefits first-hand.

To learn more about how RedSeal can help you see how your environment is connected and what’s at risk, request a demo today.

Mitigating Cloud Security’s Greatest Risk: Exposure

Cloud security is complex and distributed. Implementing security controls across on-premise environments traditionally sits with the information security team, but in the cloud, the responsibility could be distributed across developers, DevOps and InfoSec teams. DevOps and developers don’t primarily focus on security, and the impact is often seen as an increase in misconfigurations introducing the risk of breaches.

These security challenges in the cloud have become so prevalent that Gartner has defined cloud security posture management (CSPM) as a new category of security products designed to identify misconfiguration issues and risks in the cloud. CSPM tools today are relied on to provide visibility and compliance into the cloud infrastructure but still haven’t been able to address this issue at scale for InfoSec teams. These teams require solutions that can provide risk-based prioritized remediations in an automated way to handle the cloud scale and complexity. To determine which issues to remediate first, the InfoSec teams need to identify critical resources with unintended and accidental exposure to the internet and other untrusted parts of their cloud.

Calculating Exposure Considering All Security Controls

Whether they are on-prem or in the cloud, security professionals worry about getting breached. One recent report said 69% of organizations admit they had experienced at least one cyber-attack that started by exploiting an unknown or unmanaged internet-facing asset. Bad actors can now simply scan the perimeter of your cloud, look for exposed things and get into your network this way.

Cloud security providers (CSPs) like Amazon Web Service and Microsoft Azure have attempted to solve security by developing their own sets of controls, ranging from implementing security groups and network access control lists (NACLs) to developing their own native network firewalls.

Cloud-first companies often rely on these native tools from the CSPs, but for others who aren’t as far along on their cloud journey, making the transition from traditional on-prem to cloud workloads means pulling along their network security practitioners with them. These teams, who often aren’t cloud experts, are responding by deploying third-party firewalls and load balancers in the cloud due to their longstanding familiarity with them from the on-prem world.

Furthermore, the rise of application containerization with Kubernetes (and its corresponding flavors from AWS, Azure and Google Cloud) allows additional security controls such as pod security policies and ingress controllers.

These security controls are invaluable tools for security teams scrambling to secure their sprawling cloud environments and some under the control of development and DevOps teams. Still, they are largely unaccounted for by current CSPM tools when attempting to assess unintended exposure risk.

Current CSPM Solutions Don’t Accurately Calculate Access

Existing solutions look for misconfigurations at the compute or container level but don’t truly understand end-to-end access from critical resources to an untrusted network. They are essentially calling into the APIs of CSPs, and so if the setting in AWS for a particular subnet equals “public,” the tool believes there is exposure to the internet. That’s not necessarily true because a security team may have other controls in place, like a 3rd party firewall or Kubernetes security policy that successfully prevents access, or the security control is not in the path to the critical resources and not protecting them.

The result is that already short-staffed security teams are spending their days chasing security issues that do not impact the organization the most. The question to ask of today’s CSPM products is whether they are repeating data from CSPs based on their settings or accurately calculating effective reachability to their critical resources (and through which specific controls). Security teams need accurate and complete information to inform their remediation options, which can identify CSP-native security groups to specific ports and protocols controlling the access that may allow exposure to occur.

Increasing cloud complexity is making security as challenging as ever. The ability to quickly identify at-risk resources would go a long way in preventing many potential data breaches. Still, the approach that current tools take is incomplete and disregards much of what security teams are already doing to address the problem. Tools need to account for all security controls in place if security teams are to have truly accurate information on which to act.

For more information on RedSeal Stratus, our new CSPM solution, check out our website or sign up for our Early Adopters program.

Visibility: The key to proper Cloud Security Posture Management

Cloud security has become increasingly complex and distributed. The rapid transition to remote work and increased cloud adoption have changed the IT landscape dramatically, which has produced new vectors for cyber attacks and data breaches. Today’s cyber criminals aren’t necessarily trying to knock down doors. Organizations are actually leaving many of them open themselves. According to Gartner, through 2023, “…at least 99% of cloud security failures will be the customer’s fault.”

This is an unsettling prediction, but not entirely surprising given realities that teams face today. The overwhelming complexity of the cloud systems asks for both expertise in both application development and security, which is perhaps unreasonable. The placement of security controls has moved away from security teams and into application development teams.

CSPM: The industry’s response to cloud complexity

To deal with this complexity and constant change, a new market segment has emerged broadly referred to as Cloud Security Posture Management (CSPM), which is typically used by security organizations that want the equivalent visibility and security that they’ve had with on-premise environments.

Current CSPM technology aims to help security teams understand what resources they have in their cloud environments, what security controls are in place, how it is all really configured–and to automate as much of it as possible. And while it is largely successful in accomplishing these feats, CSPM in its current form isn’t without its limitations. As we’ve learned in the past with our approach to securing on-premise networks, visibility plays a fundamental role.

The importance of visibility

It’s not uncommon for organizations to lose track of their cloud deployments over time, considering it only takes a developer and a department credit card to spin up a cloud environment. Nowadays developers are empowered to innovate at speed and scale but who is actually keeping track of these newly-created multi-cloud VPCs, VNETs, and VCNs? Even more worrisome–who is responsible for securing them?

There are always unknowns when networks grow and change, but we also know that tools that provide visibility can give security teams a more accurate, dynamic and comprehensive look at what resources they have, how they are connected and the risks associated with them.

Unfortunately, many CSPM tools present their findings in static, tabular forms and it can be challenging to get an understanding of the relationships between resources, such as between multiple accounts and whether they’re shared or not. Teams are often being asked to secure unmonitored cloud environments and can benefit from a visual, interactive model of their organization’s cloud resources.

This visibility allows security teams to gain full awareness of their cloud footprint and reduce their overall attack surface by understanding the interconnectivity between their resources. Some CSPM tools can show connectivity where there is traffic, but security teams want to calculate how an instance gets to the Internet, what security points it goes through, and through which port and protocols.

Understanding end-to-end access

Current CSPM solutions remain insufficient when it comes to accurately calculating access that can lead to data breaches. Many tools simply call into the APIs of CSPs looking for misconfigurations at the compute and container levels but they don’t fully understand “end-to-end” access. For example, they may only look at a setting in AWS that states a particular subnet is “public” so therefore it’s exposed. That’s not necessarily true because there may have other security controls in place, such as 3rd party firewalls or their own Kubernetes security policy.

For example, perhaps a network security engineer who doesn’t understand native AWS and Azure firewalls instead decides to use a 3rd party firewall from a vendor they’re already familiar with. If that firewall is blocking access to the public-facing Internet, current CSPM tools won’t recognize it, and security engineers can spend their days chasing false positives simply due to a lack of accurate information involving access.

Prioritizing exposed resources

With increased cloud complexity comes increased risk–there were over 200 reported breaches in the past 2 years due to misconfigured cloud deployments. Several of the largest data breaches occurred when cloud misconfigurations left critical resources exposed to untrusted networks, so prioritization efforts should begin there. Unintended access and Shadow IT can also lead to cloud leaks, and so by establishing an “exposure first” security approach, cloud security teams can identify key vulnerabilities and prevent costly breaches.

CSPM is a key ally in the fight to secure the cloud, but security teams need additional visibility and improved accuracy that is still lacking in many

For more information on RedSeal’s CSPM solution, RedSeal Stratus, check out our website. Or sign up for the Pilot program.

RedSeal Opens Stratus Early Adopter Program to Security Teams Struggling with Cloud Security

Stratus — a SaaS-based Cloud Security Posture Management (CSPM) solution — addresses dangers of exposure and unintended access issues; Free webinar and demo on December 8

SAN JOSE, Calif., Dec. 01, 2021 (GLOBE NEWSWIRE) — RedSeal today introduced its Stratus Early Adopter Program, which provides select customers and prospects the opportunity to evaluate the company’s new SaaS-based Cloud Security Posture Management (CSPM) solution. The new Stratus SaaS offering is focused on providing visibility to cloud and Kubernetes inventory and determining exposed resources in cloud and hybrid cloud environments.

Implementing security controls for cloud environments now extends beyond the responsibility of traditional network security teams, and today includes application developers and DevOps teams. These controls must also consider workload containerization such as Kubernetes, and native offerings from Cloud Security Providers such as Amazon Web Services. As a result, there is exponential growth and pervasiveness of misconfigurations, which put high value resources at risk of unintended exposure to the Internet.

Current members of the Stratus Early Adopter Program represent enterprises ranging from banking and financial services firms, to federal government agencies and high-tech companies. These users have reported benefiting from Stratus’ ability to easily see both exposure and conductivity in and across all accounts in a single view.

Security challenges in the cloud have become so prevalent that Gartner has defined CSPM as a new category of security products designed to identify misconfiguration issues and risks in the cloud. As a CSPM, RedSeal Stratus helps security teams better manage this increased risk by:

  • Immediately identifying which resources are unintentionally exposed to the Internet due to misconfigurations
  • Visualizing their complete AWS cloud architecture to truly understand connectivity between and within cloud resources
  • Understanding their Amazon Elastic Kubernetes Service (EKS) inventory and identifying overly permissive user and service accounts

“Everyone knows that visibility is critical for CSPM to meet its full potential, but very few vendors are delivering on this promise,” said Bryan Barney, RedSeal CEO. “What makes visibility so powerful is the true calculation of access and exposure, and not simply the reliance on CSP settings. With RedSeal Stratus, we are now providing the most accurate, reliable and actionable approach to calculating access and exposure in the cloud.”

RedSeal Stratus is currently focused on AWS cloud environments. Recognizing the demand for better security posture management across Microsoft Azure and Kubernetes environments, Stratus will evolve to support these platforms early next year, making Stratus a complete, robust CSPM solution. Participants of the Stratus Early Adopter Program are eligible for a free 6-month subscription to RedSeal Stratus, with up to 3,000 EC2 instances.

Stratus Webinar and Demonstration

RedSeal will be hosting a free webinar for customers and prospects interested in joining the Stratus Early Adopter Program. The online event will take place on Tuesday, December 8th at 11:00am PST and will provide an exclusive overview of RedSeal’s new SaaS-based CSPM solution. The webinar will cover how RedSeal Stratus can help security teams better manage increased cloud security risks with:

  • Complete and up-to-date visualization of cloud infrastructure
  • Detailed knowledge of Amazon EKS accounts and policies
  • Out-of-the-box dashboard that identifies resources that exposed to the Internet

Click here to register for the free event.

About RedSeal

RedSeal — a security solutions and professional services company — helps government agencies and Global 2000 companies see and secure their on-premise networks and cloud environments. RedSeal Stratus, the company’s SaaS CSPM solution, gives an integrated view of cloud security posture through visualization of cloud-native and Kubernetes controls, and shows which resources are unintentionally exposed to the Internet. RedSeal’s Classic product brings in all network environments — public and private clouds as well as on-premises. This award-winning security solution verifies that networks align with security best practices, validates network segmentation policies, and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk. The company is based in San Jose, Calif. Follow RedSeal on Twitter and LinkedIn.

Why Cloud Security Posture Management Is Essential to Your Overall Security Plan

I think we’d all agree the last year and a half has brought disruption, and cloud security wasn’t exempt. The Covid-19 crisis has dramatically expanded attack surfaces as companies transitioned to remote work and embraced the cloud. But let’s be clear: the cloud is not a magic bullet. Yes, the cloud is relatively new and exciting, and it does prevent some of the old security mistakes. And yes, the cloud does close off some previously vulnerable spaces. But at the same time, it opens up new ways to do things wrong.

This is where a strategy called cloud security posture management (CSPM) comes in. The goal of CSPM is to find and reduce attack surfaces, and then eliminate misconfigurations through continuous monitoring of cloud infrastructure. This is important, because more than 99% of cloud breaches have their root cause in customer misconfigurations and mistakes, according to Gartner.

House on fire

I like to use the analogy of a brick house. Even if a house is made of perfect bricks, is it immune to falling down? No. Naturally, when you build a house, you want to make sure the bricks you’re using are solid. But even then, the house can still fall if built incorrectly. Cloud innovators push an approach called “shift left” (meaning detecting problems sooner in the build process), but this is no replacement for checking the final result. After all, no matter how carefully you check a building’s blueprints, the final structure will inevitably be different.

CSPM automates the process of ensuring the individual bricks are OK, but more importantly, makes sure the house as a whole is constructed properly, so it won’t collapse when the big bad wolf (or a squad of hackers) comes along and tries to blow it down.

But what makes CSPM so compelling from a security standpoint is that it’s proactive, not reactive like endpoint management or extended detection and response (XDR). These are analogous to fire alarms for your building. Alarms are necessary for sure, but you have to actually prevent some fires, not just wait and react. So, while firefighting is critical, part of your budget should be for tools that prevent fires in the first place and plan ahead for resilience of your infrastructure when a fire does break out.

CSPM is all about being proactive and putting the right processes in place so that fewer fires start, and spread less when they do happen. Sure, mistakes and misconfigurations will still happen. CSPM recognizes this reality, but proactively hunts for the ingredients that drive security fires rather than just accepting that they can’t be stopped.

The fantasy of DevSecOps

Your developers are not security gurus. The framework called DevSecOps advocates adding security practitioners into the software development and DevOps teams. DevSecOps strives to find a happy balance between development teams that want to release software quickly and security teams that prioritize protection. But, to me, this is too optimistic a notion – it glosses over the fundamental differences that must exist between security thinkers and app developers. Developers think “how can I make this work?”, but security is about thinking backwards – “how can this be abused?”

Security is also fundamentally a big-picture problem, where all interactions have to be considered. Getting back to the building analogy, CSPM lets you compare the final structure to the blueprints used to construct it. It allows you to examine the building to see whether there are any flaws or points of structural weakness that the bad guys can exploit to get in. Humans aren’t good at continuous detail checking, but it’s a great job for automated software.

Context is king

Context is everything. The blueprints don’t tell you whether you’re building on sand or building on bedrock. CSPM provides that critical context not just for one section of your structure but for the entire building and its surroundings.

CSPM also automatically determines whether all the cloud applications and services across your entire organization are configured correctly and securely. It’s simply not possible to hire enough security professionals to do that on their own. It’s not that people you have aren’t good; it’s that you’ll never have enough people who are experts in all the rapidly changing cloud languages and configurations.

Bad guys are actively hunting for new openings in your cloud. CSPM is quickly becoming one of the best ways to close the gaps in your security posture and shut the door on those who intend to do you harm.

Check out RedSeal Stratus – our new CSPM tool that offers the worlds most accurate, reliable, and actionable approach to calculating access and exposure. You can join the pilot program now!

Cloud Security Posture Management (CSPM) Done Right

Cloud security is maturing – it has to. We’ve had too many face-palm worthy incidents of organizations hearing “hey, I found your data in a world readable S3 bucket”, or finding a supposedly “test” server exposed that had production data in it. Happily, we are emerging out of the Wild West phase, and some order and maturity is emerging, and along with it, new lingo.

Gartner divides the emerging ideas into three main disciplines – CASB, CWPP, and CSPM. Think of these as if you’re securing a (pre-pandemic!) office building. CASB is your ID badge reader, and CWPP is your video surveillance. Cloud Security Posture Management (CSPM) is everything else you do to secure your building, like having a security guard walk around to look for gaping holes in the wall, or the sounds of someone drilling through a safe.

CSPM is arguably the hardest area to understand, since it’s so broad, but that same breadth is what makes it the most important to get right. In comparison, having no badge readers at all would be bad, but you don’t have to go overboard – you just need a reasonable check that you’re not letting everyone in. Posture management is different – CSPM isn’t a point solution, it’s the approach of always asking “what else have we forgotten?”

CSPM in more detail

If you ask for a crisp definition of CSPM, it’s hard to find one – after all, Posture Management can refer to the mindset of “how could we be attacked, what are the consequences if it happens, and what can we do it mitigate it?” I find it easiest to split this into three main questions – what have you got, what are you doing to protect it, and what’s the level of risk? All of these are familiar to experienced security professionals – we’ve been asking these same questions about IT networks forever. So why is it different in Cloud?

For legacy on-premises networks, the hardest question was “what have you got?” – rapid growth and technology change made keeping an accurate inventory challenging. Cloud disrupts this in some interesting ways. Each cloud account has a controller for the software defined network, which solves one problem, but then goes and creates another. It’s impossible for any network to exist in a software defined cloud that the controller did not create for you. This means you can always tell exactly how big any one cloud network is. Problem solved, right? Not so fast – anyone who’s tried to inventory cloud footprint realizes that this same controller is changing things so quickly you can’t keep up. It’s also so easy to add new cloud networks that people do it and then forget to tell security, so the inventory problem just moves up a level – not “find the missing router”, but “find the missing cloud account”.

In CSPM, most of the key innovations are focused on the second question – “what are your protections, and are they working?” Cloud disrupted this too, bringing innovations that are incompatible with a lot of the traditional security stack. It’s not that question 3 – risk assessment – is unimportant. It’s just that it isn’t so deeply impacted by the differences between cloud, hybrid, and on-prem. Risk assessment is strategy, not tactics.

So why has cloud disrupted the question of whether you have working protections in place? Well, going back to the start of the article, that unintended exposure of a cloud storage bucket represents a mistake we simply couldn’t make until there was a cloud. Sure, every cloud comes with many strong security controls. But that’s the problem – there are so many enforcement controls that are all new, all different, and are like nothing we did for the past 40 years in on-premises data centers. Novelty is great for innovation, but terrible for security. Coordinating all the new controls and ensuring they are used correctly is the core job for CSPM. Basic checklists aren’t enough – just as we’ve found with all previous network technologies, a network built out of individual compliant elements can still fail as a system, like a house built out of perfectly formed bricks which can still fall down if assembled incorrectly.

This is why the core discipline in CSPM is visibility, so you can achieve end to end understanding of what is exposed and what is not. Figuring out access – what can reach what, and especially, what is exposed to the Internet – sounds so basic, but has become explosively complicated. It’s impossible to hire enough certified security professionals with deep enough understanding of all the cloud dialects used across an organization. So the only solution is to focus on CSPM – building up a map of your cloud assets, then looking across all the layers to ask “what is exposed?”

For more information on RedSeal’s CSPM solution, RedSeal Stratus, check out our website. Or sign up for our Pilot Program and test drive RedSeal Stratus yourself!

Finding the Right Approach to Cloud Security Posture Management (CSPM)

Dark Reading | October 29, 2021

New strategies are surfacing to respond to new problems. Dr. Mike Lloyd, RedSeal’s CTO, reviews one of the latest: CSPM.

Cloud security is maturing — it has to. We’ve had too many face-palm-worthy incidents of organizations hearing “hey, I found your data in a world readable S3 bucket” or finding a supposedly “test” server exposed that had production data in it. Happily, we are emerging out of the Wild West phase, and some order and maturity is emerging, and along with it, new lingo.

RedSeal and Cloud Security Posture Management

According to Gartner’s Innovation Insight for Cloud Security Posture Management, this year (2021), “50% of enterprises will unknowingly and mistakenly have exposed some applications, network segments, storage, or APIs directly to the public internet”. And by 2023, “…at least 99% of cloud security failures will be the customer’s fault.”

What do these statistics say about the changing face of cybersecurity? Twenty years ago, the most common source of security failures was naïve user behavior, typically clicking on a malicious email attachment or link. In on-premise environments, this is still a common vector of infection, but in the cloud the problem is not naïve users, it is overwhelmed administrators. 99% of cloud security failures will be the customer’s fault, because cloud platforms and applications will simply be misconfigured. Let that sink in. Simple misconfigurations were never the primary source of security failures in the past.

Administrators aren’t stupid; they misconfigure systems because they are overwhelmed. Of course, there is a chronic shortage of security talent, but that has been true for decades. What has changed, with the advent of cloud computing, is the overwhelming complexity of the systems. Cloud security controls and best practices are very different from those used in on-premise environments. Those available in AWS are similar, but different from those in Azure, or Google Cloud. Kubernetes has a unique security model of its own, and all these environments are changing constantly.

To deal with this complexity and constant change, a new family of technology has emerged broadly referred to as Cloud Security Posture Management (CSPM). The goal of these technologies is to help admins understand what resources they have in their cloud environments, what security controls are in place, how it is all really configured, and whether it meets various compliance standards.

For more than a decade, RedSeal has been in the business of helping customers understand their on-premise networks i.e. what devices are on the network, how they are connected, and the security implications of their configuration. We do this by creating a detailed model of their network that can be compared against best practices, compliance standards, and the customer’s intended network design (customers are almost always surprised with how different their network is from what they originally intended). Put simply, customers use us to find and correct network misconfigurations.

With data centers and networks moving to the cloud, our customers are increasingly asking us to help them find and correct cloud misconfigurations as well. They need an accurate model of their cloud environments to understand questions like how many cloud accounts they really have, what resources are in each, what security controls are in place, what is the aggregate effect of all those security controls on resource access, and are any resources inadvertently exposed to the internet. They often have a basic design for their cloud but are unsure if their implementation is consistent with their intentions. The truth is, it never is, and they need a product that can provide them with a reality check.

At RedSeal, our mission is to provide organizations with technology that allows them to understand their network, hybrid, and cloud security posture. Because cloud technology is so complex, and changing so quickly, organizations need powerful technology to understand their implementation. They need to model their environment, so they can easily spot flaws. Our tag line is “See and Secure” because you can’t secure what you don’t understand.

For more information on RedSeal Stratus, our new CSPM solution, click here.

For more information of ways that RedSeal can help avoid unintended internet exposure, check out our Solution Brief.

If you’re concerned about your EKS Security, click here.

RedSeal Launches New Cloud Security Posture Management Solution to Empower Security Teams

RedSeal Stratus identifies unintended exposure to the Internet, creates a connectivity visualization of your cloud architecture, and helps you understand your Kubernetes Inventory

Building on more than a decade of award-winning cybersecurity analytics we are excited to launch RedSeal Stratus, our new Cloud Security Posture Management (CSPM) solution that stops unintended exposure of cloud resources to the Internet.

Cloud misconfigurations, which can leave resources unintentionally exposed to untrusted networks, are the major source of data breaches. To help security teams better manage the increased risk associated with increasing cloud complexity, RedSeal Stratus provides security teams with an out-of-the-box overview of Internet-exposed resources by tags, connectivity visualization between and within their Amazon Web Service (AWS) cloud resources, and inventory of AWS Elastic Kubernetes Service (EKS) resources.

While native Cloud Security Provider tools provide basic capabilities that may be sufficient for smaller cloud-first organizations, larger organizations who are probably hybrid, multi-cloud, and need advanced features should choose a third-party CSPM solution.

Current CSPM solutions simply call CSP APIs to determine if subnets are Internet-facing. For more accurate results, RedSeal Stratus identifies resources exposed to the Internet by calculating access through security control points from end-to-end.

Only RedSeal Stratus can calculate how an instance gets to the Internet, what security points it goes through, and through which ports and protocols. Other security products may show connectivity where there is traffic, using an agent-based approach, but only RedSeal Stratus can show you all connectivity possible including that without traffic–and without an agent. As a result, RedSeal Stratus is unique among native CSP and CSPM offerings by:

RedSeal Stratus is a cloud security solution for the modern day that provides security teams with a unified, interactive view of their AWS environments, including Kubernetes (EKS) inventory, and exposed resources that can lead to costly data breaches.

To learn more, visit www.redseal.net/stratus or Request A Demo.