By now, organizations know what on-premises security tools they need, but when it comes to securing the cloud, they don’t always understand which cloud security tools to implement.
While many traditional on-premises tools and controls work in the cloud, organizations should consider four newer cloud security tools designed to handle unique challenges that arise from cloud usage.
Read on to learn more about each cloud security tool, as well as top sellers for each. The tools and vendors were selected based on first-hand experience with consulting clients, as well as vendor demos and product management insights. This list is not ranked in any way.
1. Cloud security posture management tools
Organizations must implement cloud security posture management (CSPM) tools and services, especially in multi-cloud environments. CSPM tools help automate discovery, monitoring, and remediation of misconfigurations and compliance risks in the cloud.
Most leading cloud service providers offer basic services in this category: AWS Security Hub (often paired with Amazon GuardDuty, which is a threat detection service rather than a posture tool), Microsoft Defender for Cloud, and Google Cloud Security Command Center. For smaller or less complex organizations, especially those fully invested in a single cloud environment, these native services may be sufficient to find misconfigured assets, missing best practices, and exposed assets and services.
Larger enterprises and those in more than one cloud warrant a third-party tool to help centralize the monitoring, reporting, and remediation of vulnerable and poorly configured cloud infrastructure.
CSPM tools include the following:
- Wiz works in hybrid cloud deployments, features over 1,400 cloud misconfiguration rules and offers compliance monitoring.
- Orca Security monitors cloud workloads, misconfigurations and policy violations, container security and more across the software development lifecycle (SDLC).
- Sysdig helps discover and fix misconfigurations, performs attack path analysis and more.
2. Cloud-native application protection platforms
Organizations should also consider cloud-native application protection platforms (CNAPPs). This category is rapidly growing to include cloud workload protection, some CSPM capabilities, and data and identity-related security controls, as well as DevOps pipeline security controls.
CNAPPs fill the gaps where traditional security processes cannot provide adequate prevention, detection and response for cloud-native workload types such as containers, Kubernetes services and serverless functions. Additional CNAPP features, such as assessment of infrastructure-as-code and container workload images in the pipeline, also help spot issues before deployment.
CNAPP software includes the following:
- Sysdig offers cloud detection and response, vulnerability management, posture management, and permissions and rights monitoring.
- Aqua provides software supply chain security and vulnerability scans, and detects and responds to attacks and threats in the SDLC.
- Palo Alto Networks' Prisma Cloud helps discover and fix security flaws in code repositories, protect runtime cloud workloads, and defend against zero-day vulnerabilities.
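Both the CSPM section above and the CNAPP pipeline checks come down to the same mechanism: normalise resource records (pulled from cloud APIs for a live inventory, or from an infrastructure-as-code plan before deployment), run a rule set over them, and report findings plus pass/fail counts per rule. The following is an added example of that engine in Python; it is not code from the article or from any vendor named in it. The inventory format, the rule IDs (HYP-...) and the sample resources are constructed for illustration.

```python
"""Minimal CSPM / IaC-scan style rule engine over a constructed cloud inventory.

Added example, not code from the article or any named vendor. Resource records
are a hypothetical normalised shape; a real tool would build them from cloud
APIs (posture) or from a Terraform/CloudFormation plan (pre-deployment scan).
"""
import ipaddress
from typing import Callable, Dict, List, NamedTuple, Optional

Resource = Dict  # one normalised resource record


class Finding(NamedTuple):
    rule_id: str
    severity: str
    resource_id: str
    detail: str


ADMIN_PORTS = {22, 3389}  # SSH and RDP: remote administration ports


def _world_open(cidr: str) -> bool:
    """True when the CIDR covers the whole IPv4 or IPv6 internet (/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_sg_admin_ingress(r: Resource) -> Optional[str]:
    """Security group allows an admin port from anywhere on the internet."""
    for rule in r.get("ingress", []):
        lo, hi = rule["from_port"], rule["to_port"]
        if _world_open(rule["cidr"]) and any(lo <= p <= hi for p in ADMIN_PORTS):
            return f"ingress {rule['cidr']} to ports {lo}-{hi}"
    return None


def check_bucket_public(r: Resource) -> Optional[str]:
    """Bucket is public through its ACL or through a Principal '*' policy."""
    if r.get("acl") in {"public-read", "public-read-write"}:
        return f"ACL {r['acl']}"
    for stmt in r.get("policy", {}).get("Statement", []):
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") in ("*", {"AWS": "*"}):
            return "bucket policy allows Principal *"
    return None


def check_volume_encrypted(r: Resource) -> Optional[str]:
    """Block storage volume without encryption at rest."""
    return None if r.get("encrypted") else "encryption disabled"


# (hypothetical rule id, severity, resource type, check function)
RULES: List[tuple] = [
    ("HYP-NET-001", "high", "security_group", check_sg_admin_ingress),
    ("HYP-STO-001", "critical", "s3_bucket", check_bucket_public),
    ("HYP-STO-002", "medium", "ebs_volume", check_volume_encrypted),
]


def evaluate(inventory: List[Resource]) -> List[Finding]:
    """Run every rule against every resource of the matching type."""
    findings = []
    for r in inventory:
        for rule_id, severity, rtype, check in RULES:
            if r["type"] != rtype:
                continue
            detail = check(r)
            if detail:
                findings.append(Finding(rule_id, severity, r["id"], detail))
    return findings


def compliance_report(inventory: List[Resource]) -> Dict[str, Dict[str, int]]:
    """Per-rule pass/fail counts, the raw material for a compliance dashboard."""
    report = {rule_id: {"pass": 0, "fail": 0} for rule_id, *_ in RULES}
    for r in inventory:
        for rule_id, _sev, rtype, check in RULES:
            if r["type"] == rtype:
                report[rule_id]["fail" if check(r) else "pass"] += 1
    return report


# Constructed sample inventory (not real accounts or resources).
SAMPLE_INVENTORY: List[Resource] = [
    {"type": "security_group", "id": "sg-0a1b2c", "ingress": [
        {"from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},     # SSH to the world
        {"from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},   # HTTPS: fine
    ]},
    {"type": "security_group", "id": "sg-0d3e4f", "ingress": [
        {"from_port": 22, "to_port": 22, "cidr": "10.0.0.0/8"},    # SSH from RFC1918 only
    ]},
    {"type": "s3_bucket", "id": "acme-public-assets", "acl": "private",
     "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                               "Action": "s3:GetObject",
                               "Resource": "arn:aws:s3:::acme-public-assets/*"}]}},
    {"type": "s3_bucket", "id": "acme-backups", "acl": "private", "policy": {"Statement": []}},
    {"type": "ebs_volume", "id": "vol-0123", "encrypted": False},
    {"type": "ebs_volume", "id": "vol-0456", "encrypted": True},
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_INVENTORY):
        print(f"[{f.severity:8}] {f.rule_id} {f.resource_id}: {f.detail}")
    print(compliance_report(SAMPLE_INVENTORY))
```

Running the block flags the world-open SSH group, the bucket with a `Principal: "*"` policy and the unencrypted volume, and leaves the HTTPS rule and the RFC1918-scoped SSH rule alone. Pointing the same rule set at records produced from an IaC plan is what moves the check left into the pipeline.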
3. Security service edge tools
Organizations moving to more cloud-based infrastructure and making heavy use of SaaS offerings should look at security service edge (SSE). SSE is the security half of the larger secure access service edge (SASE) category, which adds software-defined WAN (SD-WAN) connectivity.
SSE offloads traditional security controls such as network firewalls, content filtering proxies, data loss prevention, and end-user access controls to a cloud-delivered service. Rather than backhauling users over a traditional VPN to the data center, it brokers authentication and authorization per application, usually through zero-trust network access (ZTNA). This improves flexibility and performance for end users who primarily use cloud tools instead of on-premises resources.
SSE products include the following:
- Zscaler SSE provides policy-based access to applications and services for users, customers and third parties.
- Netskope Intelligent SSE provides detailed security policy enforcement to protect user workflows, with data protection and threat protection features.
- Palo Alto Networks' Prisma Access secures cloud application traffic through a standard policy framework to reduce data breaches and data exfiltration.
4. Cloud infrastructure entitlement management tools
Another tool to consider is cloud infrastructure entitlement management (CIEM). Every asset in PaaS and IaaS clouds is tied to an identity, human or machine, and identity and access management (IAM) policies multiply quickly, often granting far more privilege than is ever used. CIEM automates discovery of those entitlements and rightsizes them toward least privilege.
Smaller organizations may be able to get by with the native cloud provider services that evaluate identity roles and policies, such as AWS IAM Access Analyzer. Larger organizations with many cloud resources and complex deployments benefit from CIEM tools that evaluate identity relationships and policies, report on potential attack paths and excessive privileges, and correct issues when discovered.
CIEM tools include the following:
- Tenable CIEM helps identify and monitor access and permissions, automates analysis and remediation efforts, and keeps an inventory of all identities, rights, and resources.
- Sonrai Security helps identify and fix unknown administrator accounts, clean up old and unused identities, and implement least-privilege access policies.
- CrowdStrike Falcon Cloud Security monitors and remediates security issues, including disabled MFA, identity misconfigurations and account compromises, and detects and responds to identity-based attacks.
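The three CIEM jobs described above, finding attack paths through identity relationships, spotting excessive or unused privileges, and cleaning up stale identities, can be shown on a small data set. The following is an added example in Python, not code from the article or any vendor it names. Policy documents use the AWS IAM JSON shape; the account number, ARNs, trust relationships, "last used" dates and the CloudTrail-style usage log are all constructed for illustration, and Deny statements and condition keys are ignored to keep the example short (a real engine must evaluate them).

```python
"""CIEM-style entitlement analysis over constructed IAM-like data.

Added example, not from the article or any named vendor. Identities, ARNs,
trust policies and the usage log below are invented. Simplifying assumption:
only Allow statements are evaluated; Deny statements, conditions and
permission boundaries are ignored.
"""
from datetime import date
from fnmatch import fnmatch
from typing import Dict, List, Optional, Set, Tuple


def _as_list(x):
    return x if isinstance(x, list) else [x]


def matches(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*', 's3:*', 'ec2:Describe*', ARN globs."""
    return fnmatch(value.lower(), pattern.lower())


def _allow_statements(identity: Dict):
    for doc in identity["policies"]:
        for stmt in doc["Statement"]:
            if stmt.get("Effect") == "Allow":
                yield stmt


def is_admin(identity: Dict) -> bool:
    """Action '*' on Resource '*' in any Allow statement: full administrator."""
    return any(
        any(a in ("*", "*:*") for a in _as_list(s["Action"]))
        and any(r == "*" for r in _as_list(s["Resource"]))
        for s in _allow_statements(identity)
    )


def can_assume(src_arn: str, src: Dict, role_arn: str, role: Dict) -> bool:
    """Both halves must hold: the role trusts src, and src may call sts:AssumeRole on it."""
    if src_arn not in role.get("trust", []):
        return False
    return any(
        any(matches(a, "sts:AssumeRole") for a in _as_list(s["Action"]))
        and any(matches(r, role_arn) for r in _as_list(s["Resource"]))
        for s in _allow_statements(src)
    )


def admin_path(identities: Dict[str, Dict], start: str) -> Optional[List[str]]:
    """Breadth-first search over AssumeRole hops; first chain ending in an admin identity."""
    queue, seen = [[start]], {start}
    while queue:
        path = queue.pop(0)
        cur = path[-1]
        if is_admin(identities[cur]):
            return path
        for arn, ident in identities.items():
            if arn not in seen and can_assume(cur, identities[cur], arn, ident):
                seen.add(arn)
                queue.append(path + [arn])
    return None


def rightsize(arn: str, identities: Dict[str, Dict], usage: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """For each granted action pattern, the concrete actions actually used in the window.
    An empty list means the grant was never exercised and is a removal candidate."""
    used: Set[str] = {action for principal, action in usage if principal == arn}
    recs: Dict[str, List[str]] = {}
    for s in _allow_statements(identities[arn]):
        for pattern in _as_list(s["Action"]):
            recs[pattern] = sorted(a for a in used if matches(pattern, a))
    return recs


def stale_identities(identities: Dict[str, Dict], today: date, max_idle_days: int = 90) -> List[str]:
    """Identities whose last recorded activity is older than the idle threshold."""
    return sorted(arn for arn, i in identities.items() if (today - i["last_used"]).days > max_idle_days)


# Constructed sample data (fictional account 111122223333).
ACCT = "arn:aws:iam::111122223333:"
CI = ACCT + "user/ci-deployer"
ADMIN_ROLE = ACCT + "role/infra-admin"
CONTRACTOR = ACCT + "user/old-contractor"

IDENTITIES: Dict[str, Dict] = {
    CI: {"policies": [{"Statement": [
            {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
            {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ADMIN_ROLE}]}],
         "last_used": date(2024, 5, 20)},
    ADMIN_ROLE: {"policies": [{"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}],
                 "trust": [CI], "last_used": date(2024, 5, 20)},
    CONTRACTOR: {"policies": [{"Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}],
                 "last_used": date(2023, 1, 10)},
}

# Constructed CloudTrail-style (principal, action) usage over the review window.
USAGE: List[Tuple[str, str]] = [
    (CI, "s3:GetObject"), (CI, "s3:PutObject"), (CI, "s3:GetObject"), (CI, "sts:AssumeRole"),
]

if __name__ == "__main__":
    print("attack path:", admin_path(IDENTITIES, CI))
    print("rightsize ci-deployer:", rightsize(CI, IDENTITIES, USAGE))
    print("stale:", stale_identities(IDENTITIES, date(2024, 6, 1)))
```

The CI user holds no admin policy itself, yet the path search shows it is one `sts:AssumeRole` hop from full administrator, which is exactly the relationship a policy-by-policy review misses. The rightsizing output turns the blanket `s3:*` grant into the two actions the principal actually calls, and the contractor account, idle well past 90 days with an unexercised grant, is the cleanup candidate.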
Worth considering: SSPM and DSPM
Many of these cloud security tools are evolving and even converging into new, consolidated product suites that can easily change over the next few years. The common element of all the tools mentioned is to address security challenges unique to cloud deployments.
Two emerging cloud security tool categories that may be worth adopting in the future are SaaS security posture management (SSPM) and data security posture management (DSPM), but the four listed here are at the top of many cloud security teams' lists today.
Dave Shackleford is founder and principal consultant at Voodoo Security; SANS Analyst, Instructor and Course Writer; and GIAC technical director.