Are cloud security concerns realistic?

6th August 2018

Simon Whitburn
Senior Vice President Cyber Security Services

All the major players in the tech market offer cloud-based storage and applications – Apple, Google, Microsoft, IBM, Oracle and more. The undisputed market leader is Amazon; not seen by the public as a technology company, but successfully selling a tool and service initially developed internally, for its own use. 

With so many tech giants endorsing cloud computing, there’s a tendency for organizations to relax about security, relying on cloud providers to deal with it.

Just as in non-cloud environments, human or organizational factors can leave systems open. But there are three technology-based risks that cloud computing faces, largely because of its relative immaturity:

  1. Unprotected IoT devices targeting cloud infrastructures 
  2. Insufficient security tools and tests 
  3. Vulnerable systems and APIs 

Recently Amazon, Google and Microsoft all launched anomalous behavior detection services to raise the level of monitoring and reporting on their platforms. Smaller cloud providers may not be able to provide these tools, but they do need to be as secure as possible to protect customer data and service levels.

IoT devices

The expected proliferation of IoT devices will enable large-scale attacks on cloud services unless the appropriate security tools are in place and available to cloud users. 

While attacks on IoT devices to discover vulnerabilities are technically similar to the infection of PCs, IoT device preparation is heavily automated, as are patching and other maintenance. This means one error that leaves a type of device open to being exploited could spread much further and faster, through hundreds of thousands of similar devices.

The scale and spread of attacks from compromised IoT devices have the potential to be much wider and more effective than current botnet attacks. Fast detection and prevention of threats will therefore be of paramount importance.

DNS analysis – detection and speed

When it comes to insufficient security and systems vulnerabilities, DNS functions deserve more attention. 

Sited at the borders of every sizeable network, DNS is an easy target for malware. Most DNS servers use open source software, so the code can be examined by anyone, and firewalls often let DNS packets through by default. But this also makes DNS systems excellent places where threat analysis and detection can be performed.

Looking at patterns of DNS traffic as well as the contents of DNS packets means putting a stop to a wide variety of attacks before they start. These can include DDoS attacks, phishing, data exfiltration by DNS tunneling and cache poisoning. Using AI as well, to detect out-of-the-ordinary traffic patterns, will uncover and highlight many new or lesser-known attack techniques.
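As an added illustration of the traffic-pattern analysis described above (not Nominet's code or product logic), the sketch below flags parent domains whose queried subdomains look like encoded payloads, one common sign of DNS tunneling. The thresholds, function names, the naive last-two-labels parent split and the sample log are all assumptions constructed for this example.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Assumed thresholds for illustration; tune against your own baseline traffic.
MIN_UNIQUE, MIN_MEAN_LEN, MIN_ENTROPY = 20, 20, 3.5

def build_sample_queries():
    """Constructed sample log (client, qname); not real traffic."""
    queries = [("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com"),
               ("10.0.0.7", "www.example.com"), ("10.0.0.7", "cdn.example.org")]
    for i in range(40):  # one client sending long, never-repeating labels
        label = hashlib.sha256(str(i).encode()).hexdigest()[:32]
        queries.append(("10.0.0.9", f"{label}.t.tunnel-test.invalid"))
    return queries

def split_name(qname):
    """Naive (subdomain, parent) split: parent is the last two labels.
    A production system would use the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def find_tunnel_candidates(queries):
    """Map parent domain -> stats where subdomains look like encoded payloads:
    many unique names that are long and high in entropy."""
    subs = defaultdict(set)
    for _client, qname in queries:
        sub, parent = split_name(qname)
        if sub:
            subs[parent].add(sub)
    flagged = {}
    for parent, names in subs.items():
        mean_len = sum(map(len, names)) / len(names)
        entropy = shannon_entropy("".join(names).replace(".", ""))
        if len(names) >= MIN_UNIQUE and mean_len >= MIN_MEAN_LEN and entropy >= MIN_ENTROPY:
            flagged[parent] = {"unique": len(names), "mean_len": round(mean_len, 1),
                               "entropy": round(entropy, 2)}
    return flagged

if __name__ == "__main__":
    print(find_tunnel_candidates(build_sample_queries()))
```

Requiring all three signals together keeps ordinary hosts with a handful of short subdomains out of the results; content delivery networks that use long generated hostnames would still need an allowlist.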

Applying protection to the cloud

Already in use in ISP environments and protecting governments, Nominet’s DNS-based security products play a vital part in protecting network infrastructures of all kinds. The data collection module streams packets into a data warehouse in a number of formats; here an aggregator can query the files without causing data flow bottlenecks. 

From the cloud perspective there are two places where Nominet can protect – within a cloud provider’s network or on the network of an organization using the cloud. In the latter instance protection will be afforded to all network traffic, regardless of whether it is cloud related or not. 

Nominet’s active defense products and services already protect large organizations from business-critical threats.

To find out how you can protect your cloud data more, get in touch now.
