Leveraging XDR for Cloud Workload Protection

The worldwide public cloud computing market is projected to reach nearly $500 billion USD this year, with projections to clear nearly $600 billion next year. It’s no surprise, given that nine out of ten survey respondents reported using at least one cloud service. 

With so much cloud adoption, cloud security services are in high demand. However, they’re not all created equal, and they don’t all do the same things. So, how can an Extended Detection and Response (XDR) solution secure your cloud-based assets?

Cloud Security 101

Gartner defines cloud security as “the processes, mechanisms and services used to control the security, compliance and other usage risks of cloud computing.” Pretty straightforward, and it is important to note that “the term does not encompass security services delivered from the cloud (security as a service) that are intended to be used outside the cloud.” 

So, what are some of the key elements in securing the cloud? Infosec Institute lists five to note: 

  • Privileged Account Access: Defined “the most important security control” for the cloud, especially when it comes to cloud platform administrative accounts. Two tips are to not use general account names like “admin” in order to keep users accountable, and to investigate any login attempts that are anomalous.
  • Data Exfiltration: Cloud security needs to include prevention of data exfiltration, arguably one of the main motivations for attacks on cloud-based assets. And, once the cloud is compromised, the attacker often drills down to on-premises resources, exfiltrating that data as well. 
  • Suspicious Network Connections: Monitor network connections for evidence of remote access tool (RAT) communications, remote and local file injections, SQL injections and other suspicious activity. Since most cloud-based traffic is encrypted, an Intrusion Detection System (IDS) will be of little use without SSL decryption (and the compliance issues that come with it).
  • Man-in-the-Cloud Attack: An authentication token can live on a device like a phone or laptop and can be used to authenticate through a bait and switch spear phishing campaign to an attacker-controlled server, thereby uploading the user’s data directly into malicious hands. Monitor connections to unknown cloud instances for an ounce of prevention, using endpoint monitoring or a Cloud Access Security Broker (CASB).
  • Unsecured Storage Containers: Monitor all access into your cloud containers and data buckets and any data being accessed from them. Proper cloud security considers Kubernetes and means your data repositories - virtual machines, containers and clusters - are secure. 

To provide government-backed best practices for cloud migration and the data protection that comes with it, CISA released their Cloud Security Technical Reference Architecture, which outlines the shared risk model for cloud service adoption, how to build a cloud environment, and how to secure it. 

Generally speaking, cloud security controls are relatively straightforward: it’s simply securing your assets in the cloud in a “lift and shift” model, which can operate on the assumption that you’ve got one cloud of one variety (private or public).

Hybrid Cloud and the Rise of Microservices

However, in today’s IT environments, more complex cloud implementations arise. Companies are using private clouds, public clouds and hybrid clouds, which Gartner refers to as “a mixture of internal and external cloud services.” 

In 2020, the hybrid cloud market was valued at over $50 billion, and by 2026, it is projected to clear $145 billion, according to Statista. A Cloud workload Protection Platform (CWPP) is built for the cloud use-cases of today, as 87% of organizations that use the cloud have a hybrid cloud strategy, according to research cited by TechPriceCrunch. As well, 96% of organizations surveyed reported using or evaluating Kubernetes, according to the Annual Survey 2021 by the Cloud Native Computing Foundation

Hybrid or multi-cloud adoption continues to trend upwards and as a result, increasing cloud security requirements. Last year, 73% of security enterprises reported using two public clouds, and 26% percent were using three or more, according to one study. CIO Online notes that multi-cloud users see a 42% faster rate in application release and subsequent 35% increase in revenue, and four in ten spent less time on IT infrastructure and security incidents, so the benefits are obvious. 

Microservices adoption is another primary driver of cloud complexity. Kubernetes has almost become synonymous with containerized services, microservices and VMS, and continues to skyrocket. 

According to the same CNCF survey, nearly 70% reported using Kubernetes in production, and roughly 30% of backend developers use it. It makes sense, given that over half of IT professionals surveyed expect it to lower their costs by upwards of 20%, according to a report by Pure Storage. 

And, of those Kubernetes users, nine in ten leverage cloud-managed services, reports DataDog: “Today, almost all containers are orchestrated, with Kubernetes used by over half of organizations.” And, according to another industry survey, “Respondents who used containers to deploy and manage microservices were significantly more likely to report success than those who didn’t.” 

When considering companies are using more clouds (hybrid, multi), and are doing more within those clouds (microservices), it becomes apparent that increasingly complex usage instances demand cloud security considerations that can scale, and that’s where XDR comes into play. 

XDR for Cloud Workload Protection

An XDR solution for Cloud Workloads accounts for these complexities of cloud usage today, securing all cloud-based assets - be it single cloud, hybrid cloud or multi-cloud, and in various microservices-oriented and serverless architectures. 

Gartner defines CWPP as “a “workload-centric security solution that targets the unique protection requirements” of workloads within a modern enterprise, which have grown to include not only physical servers, but containers, virtual machines (VMs) and serverless workloads. 

This growing complexity demands increasingly complex cloud-based protection that can keep up. A robust solution should offer: 

  • Discovery of workloads deployed on-premises or in a public cloud
  • Straightforward management options for workloads
  • Vulnerability assessments on all cloud workloads
  • Security policies such as integrity protection, whitelisting, and host-based intrusion prevention
  • Ability to incorporate into the CI/CD pipeline addressing security early in the process

An XDR solution for Cloud Workloads should also support Zero Trust for cloud environments, providing the following benefits:

  • Finding and managing workloads in a hybrid or multi-cloud setting
  • Implementing security controls at run-time or in development
  • Securing migration from on-premises to the cloud
  • Security for VMs, servers, serverless, on-premises, hybrid and multi-cloud
  • Ability to scale with shifting workload and security demands

An XDR solution for Cloud Workloads not only allows you to securely (and confidently) accelerate development of cloud-native applications, but allows you to fully access the resources, technologies, and capabilities of the cloud without unbounded by security limitations and at the speed you can scale.

Cybereason XDR for Cloud Workloads secures cloud workloads, containers and hosts at unmatched speed and planetary scale. Cybereason is dedicated to teaming with Defenders to end attacks on the endpoint, across enterprise, to everywhere the battle is taking place. Learn more about AI-driven Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Anthony M. Freed
About the Author

Anthony M. Freed

Anthony M. Freed is the Senior Director of Corporate Communications for Cybereason and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

All Posts by Anthony M. Freed