Cloud hacking is a major problem. In 2018, cybercrime cost the global economy an estimated $600 billion – about 0.8 percent of global GDP.
How to combat this? With application security that is specifically designed to combat the approach taken by attackers. Cloud hacking actors use a systematic method known as the seven-step kill chain. If an attacker is able to complete all seven steps of the kill chain, the results can be devastating for an organization. Completion of all seven steps results in a successful attack. The kill chain looks like this:
Vulnerabilities to Cloud Hacking
The standard ways to try and disrupt the hacker’s kill chain that drives cloud hacking is to implement solutions like next-generation firewalls, anti-virus software, or multi-factor authentication. However, none of these are anywhere close to being foolproof. Additionally, for developers, organizations have the added competitive pressures to introduce new end-user features, which has encouraged the adoption of open source software. It is now estimated that up to 60% of deployed code may now be open source software, which is often not thoroughly reviewed or well understood for security vulnerabilities.
The Hacker’s Kill Chain
All cloud hacking begins with stage one of the kill chain, where the hacker is identifying an exposed target,. They commonly use a tool like Nmap, an open source security scanning tool that probes networks, including the Internet, and discovers hosts that respond to TCP connection requests and/or ICMP (ping) requests. Nmap or a similar tool discovers any open ports and reports on the operating systems and services that it finds. To try and protect themselves from this, companies turn off ICMP altogether, and create multiple security zones. But the hackers are still getting in.
Hybrid Cloud Adoption
At the heart of the problem is the fact that – with the widespread adoption of hybrid clouds that span on-premises resources, public clouds, and SaaS resources – the attack surface is bigger than ever. So cloud hacking is easier than ever. With services ramping up and shutting down constantly, static rules that permit or deny access are obsolete mere moments after they are written. When an application is comprised of hundreds of containers and microservices, the sheer number of firewall rules and network equipment settings required to establish perimeter security is mind boggling. It’s hard to find a perimeter to secure, or to have clear visibility into the security posture for the distributed application.
How Identity-Powered Security Offers the Best Protection
The nature of the seven-step hacker kill chain means that the wisest way to stop cloud hacking of cloud-native applications is through Aporeto’s identity-powered security posture.
Rather than utilize the outdated perimeter security model, which relies on firewalls and other network security solutions, Aporeto utilizes the Zero Trust Security Model as recommended by NIST (National Institute of Standards and Technology). With Aporeto in place, application services only respond to probes from known and authenticated sources, so all of the doors except public-facing Web servers are automatically locked.
To enforce Attribute Based Access Control (ABAC), each Linux process, Docker container or VM must present their Trust Profile, which includes information such as who (as verified by authentication), where (network address), what (a service, resource, etc.), metadata (from Linux processes, Dockerfiles, containers, Kubernetes, VMs, etc.), reputation (from ratings services), and behavior (from past history running in the environment). The Trust Profile is constructed automatically by watching the running application to identify the parties requesting access, providing far more comprehensively protection from cloud hacking than in the old Role Based Access Control (RBAC) model.
With the Aporeto model, all the ways into the house are closed, locked and protected. There is no way for hackers to sneak in. Find out more at aporeto.com.