Aggregator

Cloud-native workloads introduce a unique set of challenges that complicate traditional approaches to vulnerability management. Learn how to address these challenges and scale cloud-native VM in your org.

As enterprises continue their migration to cloud-native architectures, the need for advanced vulnerability management (VM) strategies tailored specifically for cloud has intensified. The complexities inherent in cloud-native workloads – including microservices, containers and serverless functions – render traditional VM approaches ineffective. This blog outlines the strategic necessity for cloud-native VM, the challenges specific to these environments, and pragmatic guidance for initiating and scaling a robust VM strategy.

Why do we need cloud-native vulnerability management? Why now?

The ongoing shift to cloud-native architectures compels us to evolve our VM practices. Traditional monolithic applications no longer dominate technology stacks, with distributed microservices and dynamic, scalable environments becoming the new standard. This change brings new threats that require sophisticated, continuous and context-aware security processes and tools.

These are the key drivers for cloud-native VM:

• Dynamic and abstracted workloads: The transient nature of cloud-native components, which are often spun up and down in minutes, necessitates a shift from periodic scanning to real-time monitoring and mitigation.
• Expanded attack surface: The exponential increase in microservices and APIs significantly expands the potential attack surface, requiring more granular and continuous vulnerability assessments.
• CI/CD acceleration: The accelerated pace of deployment in CI/CD pipelines demands equally rapid and automated security processes, ensuring vulnerabilities are addressed before they reach production.
• Shared responsibility in cloud security: Cloud providers and customers share the responsibility for security in cloud environments, requiring organizations to first precisely identify their duties, then execute comprehensive VM strategies that complement provider offerings.

Navigating the challenges of the cloud

As stated earlier, the attack surface exponentially expands in the cloud. Let’s dive into the specific of a few highly vulnerable cloud domains. 

1. Container vulnerabilities: Containers share software components, which can propagate vulnerabilities across multiple instances if not adequately managed.
2. Infrastructure-as-code (IaC) risks: Misconfigurations in IaC can lead to control-plane vulnerabilities, accelerating the need for secure coding practices and IaC auditing.
3. Multi-cloud and hybrid complexity: Managing vulnerabilities across diverse cloud environments with different security controls and best practices introduces additional layers of complexity further driving the need for a unified VM strategy.
4. Transient workloads: The ephemeral nature of cloud-native resources demands continuous, automated security monitoring rather than reliance on periodic scanning.

Initiating and scaling cloud-native vulnerability management

Security and risk management leaders or professionals embarking on a cloud-native vulnerability management strategy should:

1. Start with comprehensive visibility:
   • Asset discovery and inventory: You can’t secure what you can’t see. Start by ensuring you have a comprehensive inventory of all assets across hybrid, multi-cloud environments, from development to production, including containers, virtual machines, serverless functions and APIs.
   • Continuous security monitoring: Adopt agentless tools that enable continuous monitoring and assessment of your cloud-native assets, providing real-time insights into potential vulnerabilities.
2. Integrate security early in the development lifecycle:
   • Security in CI/CD pipelines: Embed security controls into CI/CD workflows to detect and address vulnerabilities early in the development lifecycle, reducing risk before deployment.
   • Automated pre-deployment testing: Deploy automated testing tools to identify vulnerabilities in code, container images and IaC templates before they are elevated to production.
3. Adopt cloud-native security tools:
   • Container and Kubernetes security: Use security platforms designed for container environments that offer features such as real-time scanning, image verification and runtime protection.
   • Cloud-native application protection platforms (CNAPP): Implement CNAPP tools to continuously monitor cloud configurations, prioritize risks and ensure compliance across multi-cloud environments.
4. Scale through automation and cross-platform standardization:
   • Automated vulnerability remediation: Quickly remediate identified vulnerabilities, minimizing the window of exposure and enhancing overall security posture by automating remediation workflows where appropriate for your risk appetite.
   • Standard policies across cloud platforms: Use exposure management techniques and policy-as-code (PaC) to maintain consistent security policies and enforcement across multi-cloud and hybrid environments, ensuring scalability and consistency
   • Risk-based Prioritization: Use technologies such as attack path management and toxic combinations to prioritize vulnerabilities based on their risk to critical assets, focusing on high-impact threats.

Your cloud-native vulnerability management action plan:Monday morningIn the next 90 daysIn the next  12 months

Define roadmap for implementing cloud-native VM best practices: 

• Consult and partner with dev teams.
• Define cloud VM requirements that are aligned to your organizational risk tolerance.
• Run short trials of agentless. technologies and assess against requirements.

Scale to multi-cloud: 

• Map out CI/CD pipeline, tools and integration needed.
• Start scanning for known vulns in image and container OSS components first.

 

Secure and mature: 

• Mature across multi-cloud by adopting a CNAPP solution.
• Iterate on process to incorporate and refine exposure management program.

 

Conclusion

Cloud-native VM is not just an operational necessity; it is a strategic imperative for organizations seeking to secure their cloud deployments in an increasingly complex threat landscape. By understanding the unique challenges of cloud-native environments and adopting a methodical, scalable approach, organizations can build a resilient VM program that supports their cloud ambitions. Continuous evolution, driven by automation, DevSecOps integration and iterative improvements will be essential in maintaining a robust security posture in the cloud.

For more information on vulnerability management in the cloud watch the webinar “A Cyber Pro's Guide to Cloud-Native Vulnerability Management: Start, Scale, and Secure with Confidence” and check out the data sheet, “Cloud Workload Protection (CWP): Vulnerability Management built for multi-cloud environments.” 

Ошибка в коде vCenter Server открыла двери для удалённого взлома.

法定退休年龄计算器法定退休年龄计算器是一款由国家社会保险公共服务平台推出的在线法定退休年龄计算器，按照《关于实施渐进式延迟法定退休年龄的决定》附表对照关

A vulnerability was found in Pheap 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file settings.php. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2007-2985. The attack may be launched remotely. Furthermore, there is an exploit available.

Europol headed up an international law enforcement operation against the operators and users of Ghost, an encrypted messaging app that was used by criminal organizations worldwide for drug trafficking, money laundering, and threating to kill or harm people.

The post International Raids Shut Down Ghost Encrypted Messaging App appeared first on Security Boulevard.

Kill-doc是一款免费的文档下载工具，能看见多少我能下载多少，适用于Tampermonkey或其他支持用户脚本的浏览器扩展。它可以下载公开免费的PP

短信转发器——不仅只转发短信，备用机必备神器！监控Android手机短信、来电、APP通知，并根据指定规则转发到其他手机：钉钉群自定义机器人、钉钉企

Вредоносное ПО крадёт больше, чем кажется: опасность растёт.

Как новый алгоритм защитит пользователей платформы от троллей и фейков.

A vulnerability was found in imop Long 1.0.4 and classified as critical. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-6855. The attack can only be initiated within the local network. There is no exploit available.

Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to the virtual appliance. “Once an attacker has gained an authenticated administrative session on the appliance, they can carry out any action that a legitimate administrator user would be capable of. This includes the ability to reconfigure settings on the appliance, or modify policies to allow … More →

The post Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) appeared first on Help Net Security.

Picus Security announced it has closed a $45 million growth investment round led by Riverwood Capital with the participation of existing investor Earlybird Digital East Fund, bringing Picus’ total funds raised to $80 million. Picus has over 500 enterprise customers worldwide today, and this latest investment will advance Picus’ continued product innovation and expand customer success, sales, and marketing. Picus offers the only Adversarial Exposure Validation solution that brings together Automated Penetration Testing, Breach and … More →

The post Picus Security raises $45 million to help organizations reduce cyber risk appeared first on Help Net Security.

在上线二十年后，《魔兽世界》允许玩家独自一人完成故事。暴雪为《魔兽世界》提供了多种不同的难度，其中最困难的难度是 Mythic，半职业的硬核工会才能完成：之后是 Heroic、Normal

报告时间：2024年9月27日（周五）10:00-13:00 地点：A2003