Cloud-based security tools can hasten threat detection and response, but adoption will depend on where an enterprise is on the cloud readiness scale.
The pace at which threat actors carry out cyber attacks has accelerated in recent years, thanks to easy access to infection vectors through offerings such as ransomware-as-a-service. That acceleration is rendering many traditional on-premise security tools ineffective.
According to CrowdStrike’s 2019 annual threat report, “breakout times” – the time for attackers to move laterally in a network after the initial compromise – now average almost 19 minutes for some Russian cyber espionage groups.
“Depending on who you’re dealing with, one of the things that’s becoming very clear is your ability to beat the adversarial breakout time,” said Jagdish Mahapatra, CrowdStrike’s managing director for Asia. “The more you rely on on-premises technologies, the more you’ll be in trouble.”
Mahapatra offered two reasons for this. The first, he said, was that most on-premise security tools have defined perimeters in which they work, which means they don’t offer real-time visibility of threats outside those boundaries that may impact an organisation.
Second, even if the tools can detect such threats, the hardware and software performance of on-premise systems may not be good enough to help an organisation respond within shrinking breakout times, Mahapatra said.
“Hence, building a high-fidelity detection platform on a cloud-native architecture was our absolute conviction – and that’s giving us a significant advantage and a strong position to help our customers.”
In Asia, Mahapatra said enterprises across industries including manufacturing and financial services are opening up to cloud-based security tools, with CrowdStrike seeing “massive adoption rates” in South Asia, Taiwan, Hong Kong, India and South Korea. The cyber security firm offers a cloud-based platform that lets enterprises consume different services such as threat intelligence and endpoint detection and response (EDR).
According to the Cloud Security Alliance (CSA), the benefits of cloud-based security are not too different from those that are driving the move to cloud-based infrastructure.
“That would include greater business agility, data availability, collaboration, simplicity of updates and cost savings,” the CSA told Computer Weekly. “The scale stemming from cloud service providers’ extensive and distributed infrastructure also provides the economies of scale and performance that are beneficial in protecting enterprises against attacks such as distributed denial of service attacks.”
However, the CSA said the adoption of cloud-based security tools is often a function of where an enterprise is on the cloud adoption readiness scale.
“Without the right organisational mindset, governance and compliance, architecture, skilled manpower, understanding of service level agreements and the shared responsibility model, just to name a few, an enterprise is essentially not yet ready to take on anything cloud-based.
“Just like you cannot port an enterprise’s on-premise infrastructure to the cloud overnight, the same applies, even more so, to security. Of course, if an enterprise’s infrastructure is not fully cloud-based, there will be some areas of security that would still practically require some form of on-premise and hybrid solutions.”
Industrial control systems used in critical infrastructure, for one, are likely to remain on-premise for some time due to security considerations. In Australia, such systems came under the spotlight recently when Australian prime minister Scott Morrison revealed that the country’s critical sectors were under repeated cyber-attacks by nation-state threat actors.
To address the security needs of operational technology (OT) systems, Mahapatra said CrowdStrike works with partners such as OT security specialist Dragos through the CrowdStrike Store to bring third-party security capabilities to its platform.
Broad considerations
Before settling on any cloud-based security service, there are a number of broad considerations to bear in mind.
First, enterprises need to evaluate the pros and cons of each service delivery method and how it fits into the current security infrastructure – and, critically, the future strategy of the business, said Simon Piff, vice-president of IDC’s IT security practice in Asia-Pacific.
Enterprises should also consider their ability to manage these offerings effectively, because having a broad range of supplier products inevitably leads to complexity and inefficiency. They should also take into account the regulatory environment in which they are operating.
Piff noted that some industries have more regulatory hurdles than others and with privacy emerging as a bigger issue in Asia than it has in the past, enterprises should consider data management as part of their cloud-based security portfolio.
This article originally appeared on ComputerWeekly.