Why Monitoring Alone is Not Enough in Cloud Security
Brian Krebs wrote a detailed article on megabreaches that highlighted the cloud storage provider Dropbox.
The big question: How can we ensure accuracy and maximize effectiveness of automated security solutions?
The answer: Comprehensive threat intelligence.
Monitoring alone is not enough to correctly identify and remediate a breach. And, while human supervision will always be part of the security equation, the overwhelming amount of data accessible from cloud providers makes it impossible for security personnel to identify and remediate all threats.
Here are three ways organizations can use threat intelligence to enhance their current security measures and go beyond simply monitoring their cloud environment:
- Require multi-factor authentication: Patrick Heim, head of trust and security at Dropbox, told Krebs that less than 1% of their user base has two-factor authentication enabled. Single-factor sign-ons are much easier to attack, so organizations can mitigate this risk by requiring all employees to enable multi-factor authentication when accessing sensitive data. Multi-factor authentication also gives end users more visibility into potential attacks on their accounts, so they can change their passwords before a breach occurs. But how do you ensure that multi-factor authentication is required at all times? A cloud security automation platform continuously monitors security configurations, alerts security personnel when changes are made, and automatically creates incident tickets to revert security configurations to the default setting.
- Configure password policies and strength to maintain password integrity: Many people use the same password to log into multiple service providers, and most do not regularly update their passwords. Organizations should configure password policies to ensure passwords expire every 90 days, and cap the number of recycled passwords that can be used. An automated security system enforces password strength requirements to reduce the likelihood of a breach. These systems can flag changes to the password settings, which might indicate an insider threat or hacker access to your system.
- Utilize comprehensive threat intelligence: In order to focus on the most credible threats, your security team needs clear, actionable information. An automation program built on key security indicators can consolidate and correlate data to provide instant insight into the security posture of your cloud services. By setting up custom notifications for likely threat scenarios, security teams can focus on the most immediate threats instead of chasing down potentially useless information.
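The configuration checks described in the first two items, as an added example (not from the original article or any vendor's product): a minimal drift check that compares a settings snapshot against a baseline and produces revert tickets. The setting names, snapshot format, change log and the password-history value of 5 are assumptions.

```python
# Added example: drift check of cloud security settings against a baseline.
# Setting names and data formats are hypothetical, not a real provider API.
from dataclasses import dataclass

# Baseline from the recommendations above: MFA required, passwords expire
# every 90 days, recent passwords cannot be reused (5 is an assumed value).
# Each entry is (baseline value, predicate deciding whether observed is OK).
BASELINE = {
    "mfa_required": (True, lambda v, b: v is True),
    # type(v) is int rejects booleans; 0 (often "never expires") is drift,
    # while a stricter value such as 60 days is accepted.
    "password_max_age_days": (90, lambda v, b: type(v) is int and 0 < v <= b),
    "password_history_count": (5, lambda v, b: type(v) is int and v >= b),
}

@dataclass
class Ticket:
    setting: str
    observed: object
    revert_to: object
    changed_by: str

def check_drift(snapshot, change_log):
    """Return one Ticket per setting that is missing or weaker than baseline."""
    # Keep the most recent actor per setting so the ticket names who changed it.
    last_actor = {}
    for entry in change_log:
        last_actor[entry["setting"]] = entry["actor"]
    tickets = []
    for name, (expected, is_ok) in BASELINE.items():
        observed = snapshot.get(name)  # a missing setting counts as drift
        if not is_ok(observed, expected):
            actor = last_actor.get(name, "unknown")
            tickets.append(Ticket(name, observed, expected, actor))
    return tickets

# Constructed sample data: MFA was switched off, history setting is absent.
SNAPSHOT = {"mfa_required": False, "password_max_age_days": 60}
CHANGE_LOG = [
    {"setting": "mfa_required", "actor": "admin-a@example.com"},
    {"setting": "mfa_required", "actor": "admin-b@example.com"},
]

if __name__ == "__main__":
    for t in check_drift(SNAPSHOT, CHANGE_LOG):
        print(f"TICKET {t.setting}: observed={t.observed!r}, "
              f"revert to {t.revert_to!r}, last changed by {t.changed_by}")
```

The ticket names the last account to change each drifted setting, which is the detail a reviewer needs to separate an administrative mistake from the insider or intruder activity mentioned above.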
It’s not enough to simply monitor cloud services or have a “set it and forget it” mindset about security configurations. Instead, companies must leverage cloud security automation to bring the most immediate and credible threats to the attention of the security team.