Credit: ID 122726979 © Josefkubes | Dreamstime.com
With organisations moving escalating volumes of data to the cloud, cyber security strategies need to be augmented with next-generation technologies that can provide increased levels of automation and boost threat-protection capabilities.
The growing trend towards the use of cloud applications has changed the game and significantly raised the cyber security stakes for organisations around the globe.
The cloud is designed for ubiquitous access, meaning that company data is effectively accessible at any time and from anywhere. When employees have such flexible access to corporate information, it enhances agility within the organisation but also increases the risk of user error, data leakage events, and malware infections.
Unfortunately, traditional cyber security tools were not built with this new dynamic landscape in mind. As such, the cloud-first enterprise needs to look towards modern security solutions capable of protecting data in the cloud.
Managing end-user devices through the installation of agents cannot deliver complete security. This is primarily due to the rise of bring your own device (BYOD) policies and mobile apps, both of which enable employees to access company applications outside of ‘normal’ working hours through personal and third-party devices. Unsurprisingly, cyber criminals are using this shift as a new way to attack company data.
While Australia’s OAIC data breach notification regulations place significant obligations on organisations to protect their data wherever it may be, users often fail to insulate their personal devices from threats like malware. When infected BYO devices access corporate applications, or infected files can be shared unchecked, malware can quickly spread throughout an enterprise.
While some public cloud providers offer basic capabilities to detect some threats in the cloud, their effectiveness is often limited and varies widely between apps.
During a recent security study, my company’s threat research team used ShurL0ckr, which was a new variant of the Gojdue ransomware, to test the built-in malware protections of Google Drive and Microsoft Office 365. Although these common cloud applications were aware of Gojdue, neither could recognise the zero-day ShurL0ckr variant as malware. In other words, their defences failed when faced with an unknown threat – even though it was based on an existing, known threat.
It’s baffling that so many anti-malware technologies continue to be based upon a reactive approach in which files are scanned for human-written signatures associated with known threats.
This methodology is incapable of detecting new malware variants for which signatures do not yet exist – it is completely reliant upon the speed with which new signatures can be manually defined and included within the tool’s catalogue of threats. As such, signature-based protections fail to properly protect firms from falling prey to attacks.
Machine-learning algorithms
When it comes to securing data in the cloud, companies face a multi-faceted challenge that blends flexible data access methods, large numbers of users, and a myriad of devices.
Compounding this situation further is the fact that hackers are growing in both number and sophistication – their methods are evolving quickly and continuously. To address all of these risk factors, enterprises must look beyond what they’ve been used to and embrace agile, adaptive, robust protections. In other words, they must adopt next-generation security technologies.
Already widely used in speech-recognition software and ERP systems for data management, machine-learning algorithms are being leveraged in cloud security solutions in order to enable enhanced threat detection and real-time security.
Rather than scanning files for the signatures associated with known malware, solutions that leverage machine learning perform an extensive property and behaviour analysis in order to detect even zero-day threats and automatically apply pre-defined responses.
With a selected cloud access security broker deployed, if a file is identified as a probable threat, it can be blocked in real time at upload to the cloud or at download to any device – without the use of endpoint installations or agents. Additionally, if an infected file already exists in one or more cloud apps, it can be detected at rest and quarantined.
This approach offers integrated security that consistently protects corporate data across every cloud application and device utilised throughout an enterprise, reducing the threat of infection, business disruption, and data theft.
Next-generation machine-learning algorithms are ideal for the cloud-first world because large data volumes are the most important condition for their reliability. These ‘intelligent’ solutions are able to take in high volumes of data from high-traffic environments so that they can acquire the experience necessary to make the right decisions and take the appropriate actions in a variety of scenarios.
In other words, as these tools are presented with more and more information, their accuracy increases drastically.
This makes the use of machine learning the logical response to the growing amount of data and the ever-evolving threats in the cloud. Enabling organisations to adopt any cloud application securely, machine-learning solutions can help secure data despite advanced malware, ill-advised user behaviours, and an endless number of unsafe devices.
Today’s security professionals need to challenge the status quo, think differently, and embrace new tools rather than just deny vendor claims or critique the marketing of next-generation solutions – which, admittedly, can be difficult at times. Many of these solutions offer a highly scalable and effective approach that marks the next step in securing the modern enterprise.