With a growing number of companies adopting cloud-only technology rather than on-premises infrastructure, last year saw a rise in cloud security breaches, as well as vulnerabilities exposed by simple user misconfiguration. Collecting logs and applying machine learning and artificial intelligence to them yields valuable insight, but that is only the first step in detecting anomalies and potential cloud-based security threats.
Detecting insider threats via UEBA (user and entity behavior analytics) is one such strategy, since any user with access to cloud resources could quickly and easily exfiltrate data. This includes privileged users as well as regular users whose basic access lets them read and download sensitive documents. Once a baseline for the cloud provider has been established, monitor for abnormal authentication activity, specifically unusual logins, logins at irregular times of day, and logins from suspicious locations.
The level of activity recorded in the relevant logs depends on the cloud provider or service. At a minimum, detection tools should look for any abnormal use of elevated commands, including configuration changes that may have system-wide effects. DLP technology that works specifically with cloud services should also be adopted to protect sensitive data. Using a SIEM to aggregate the log files from all of these technologies increases visibility and shortens detection times. Establishing a baseline is key to reducing alarm fatigue, enabling your SOC analysts to concentrate on hunting for threats rather than being the hunted!
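As an added illustration (not code from the original article), the following Python sketch builds the per-user baseline described above from a quiet window of constructed audit events and then flags activity at unusual hours, activity from a country not seen before, and elevated configuration-changing actions; the event format, user names and action names are assumptions.

```python
import json
from datetime import datetime
# Constructed sample audit events, one JSON object per line (not taken from any real cloud provider).
BASELINE_LOG = """
{"ts": "2023-03-01T09:12:00Z", "user": "alice", "country": "US", "action": "ConsoleLogin"}
{"ts": "2023-03-02T10:03:00Z", "user": "alice", "country": "US", "action": "ConsoleLogin"}
{"ts": "2023-03-03T16:45:00Z", "user": "alice", "country": "US", "action": "DownloadObject"}
{"ts": "2023-03-01T08:30:00Z", "user": "bob", "country": "DE", "action": "ConsoleLogin"}
"""
NEW_LOG = """
{"ts": "2023-03-10T09:40:00Z", "user": "alice", "country": "US", "action": "ConsoleLogin"}
{"ts": "2023-03-10T03:05:00Z", "user": "alice", "country": "RO", "action": "ConsoleLogin"}
{"ts": "2023-03-10T03:09:00Z", "user": "alice", "country": "RO", "action": "ChangeAccessPolicy"}
{"ts": "2023-03-10T11:00:00Z", "user": "carol", "country": "DE", "action": "ConsoleLogin"}
"""
# Illustrative names for elevated / configuration-changing actions (assumed, not provider-specific).
ELEVATED_ACTIONS = {"ChangeAccessPolicy", "ModifyFirewallRule", "CreateAccessKey"}
def parse_events(text):
    """Parse one JSON event per non-empty line; timestamps are ISO-8601 UTC with a trailing Z."""
    events = [json.loads(line) for line in text.strip().splitlines()]
    for e in events:
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return events

def build_baseline(events):
    """Per-user baseline learned from a quiet window: hours of day (UTC) and countries seen."""
    baseline = {}
    for e in events:
        b = baseline.setdefault(e["user"], {"hours": set(), "countries": set()})
        b["hours"].add(e["ts"].hour)
        b["countries"].add(e["country"])
    return baseline

def detect(events, baseline, hour_slack=1):
    """Return (user, reason, ts) alerts for activity that deviates from the user's baseline."""
    alerts = []
    for e in events:
        b = baseline.get(e["user"])
        if b is None:  # unknown user: nothing to compare against, so surface it for review
            alerts.append((e["user"], "no baseline for user", e["ts"]))
            continue
        lo, hi = min(b["hours"]) - hour_slack, max(b["hours"]) + hour_slack
        if not lo <= e["ts"].hour <= hi:
            alerts.append((e["user"], "activity outside usual hours", e["ts"]))
        if e["country"] not in b["countries"]:
            alerts.append((e["user"], "activity from unseen country", e["ts"]))
        if e["action"] in ELEVATED_ACTIONS:
            alerts.append((e["user"], "elevated/config-changing action", e["ts"]))
    return alerts
```

Running `detect(parse_events(NEW_LOG), build_baseline(parse_events(BASELINE_LOG)))` produces six alerts: two for the 03:05 login from Romania, three for the policy change that follows it, and one for the user with no baseline.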
The US economy could lose an estimated $15 billion if a major cloud provider suffered a cyberattack that disabled it for a few days, according to a report published Tuesday by Lloyd’s, the London-based specialist insurance market, and AIR Worldwide, a risk modeler. The $15 billion figure is the estimate for an “extreme” incident in which the largest cloud provider studied would be down for three to six days. In a “very extreme” six- to 11-day incident, the estimated losses are nearly $20 billion.