Protecting Cloud Infrastructure from Ransomware Threats


Eureka, Eureka!
That’s How to Protect Cloud Infrastructure from Ransomware

Like Archimedes, we can’t wait to tell people of our discovery.

Enterprises around the world have rushed to migrate to the cloud, sensing the undoubted benefits that will come their way. But, as we know, there will always be security threats. Vulnerabilities arising from misconfigurations will be ruthlessly exploited by increasingly sophisticated ransomware attacks and other cloud-based security threats.

Of course, enterprises have a variety of security provisions and tools in place for this very reason, which produce and deliver alerts to the security team when there is a threat that needs attention. This has led to a huge jump in the number of alerts, particularly as many of these third-party solutions aren’t integrated adequately.

It’s not out of the ordinary for companies to be dealing with 100,000 alerts. It’s not humanly possible for security teams to pick through that sheer volume of alerts with any speed, nor with any confidence that they are dealing with those that carry the greatest risk to the security of the cloud infrastructure and the enterprise.

In an ideal world, security teams would be able to detect and rank alerts by importance so that the most critical vulnerabilities could be dealt with and resolved first. In reality, they can’t. There is a huge disconnect between the security alerts being generated and actually being able to grade and manage them effectively.

This is compounded by the fact that up to three quarters of the alerts are false positives, which inevitably leads to alert fatigue. It’s only human to feel that way after wasting countless hours triaging alerts that are false, or perhaps are just minor true positives. And this happens throughout the industry; no company is immune.

Alert fatigue is a very real and concerning issue for cloud enterprises, so concerning, in fact, that some enterprise cloud security surveys are reporting that up to 30% of alerts are now actually being ignored, potentially leaving unseen threats to prosper.

Security teams overwhelmed by volume of alerts, unable to prioritise, false positives, alert fatigue, alerts overlooked, critical risks hidden – it’s a perfect storm for ransomware to take advantage of vulnerabilities in the cloud infrastructure.

So it begs the question –

Wouldn’t security alerts be more useful, and indeed welcomed, if you could identify and prioritise those vulnerabilities that pose the greatest risk and impact to the business?

And that became our Eureka moment.

Discovery realised, our ambition was then to actually deliver a mechanism that could identify and prioritise alerts based on risk and impact. That would require an industry-first innovation in order to provide the risk context: misconfigurations can be identified, but the challenge was to be able to measure and report on risks from associated or connected cloud resources.

The result is Risk Scoring.

Guaranteeing industry recognition and trust, it is based on the well-established, open and vendor-neutral industry standard, CVSS (Common Vulnerability Scoring System) from FIRST.org, in addition to C3M’s own proprietary intelligence framework. Risk Scoring now enables enterprises, for the first time, to quantify high-risk, high-impact threats in the cloud.

Security teams can now have the confidence they are dealing with, and resolving, the most critical alerts that will protect their cloud infrastructure from attacks like ransomware. The days of alert fatigue are over. It’s a huge technology development in cloud security and a much-needed evolutionary step forward that even Archimedes would appreciate.
