
Securing the heart of your infrastructure: A comprehensive hybrid approach to server protection

By admin

Oct 29, 2024



Cloud computing’s advantages are ubiquitous in today’s digitally dominated landscape. More than 80% of organizations leverage Microsoft Azure or Amazon Web Services (AWS) today.

However, securing these dynamic environments remains a challenge for many. Cloud servers in particular are one of the most common vectors targeted by threat actors because they are often used to store organizations’ sensitive credentials, data, and business-critical applications. Protecting cloud servers carries some of the same challenges and threats as traditional on-premises servers, but there are also cloud-specific nuances that security teams must address by adding a security layer on top of the traditional endpoint protection.

A multi-layered security approach that integrates agent-based and agentless technologies enables real-time threat detection, attack disruption, and proactive posture management, allowing security teams to proactively and reactively respond to threats.

Protecting virtual machines (VMs): A complex challenge

Both VMs and the cloud environments in which they operate are highly dynamic. And while this dynamic nature is great for business scalability, it can also increase the size of your attack surface. Because of their ability to be provisioned on demand, VMs often have shorter lifespans compared to traditional on-premises servers. This makes it more difficult to deploy and manage traditional security agents that are designed for long-term installations.

Furthermore, traditional security solutions often focus on protecting the operating system (OS) of a VM. However, in modern cloud applications, servers are prone to threats resulting from traditional vulnerabilities and misconfigurations within the VM operating system and outside of it, in the cloud management plane. This requires a more holistic approach to security that addresses the entire stack, including the management plane, networking configurations, and more. Additionally, because cloud servers are not siloed environments, real-life attacks can hop between the server operating system and the rest of the cloud or vice-versa. This further underscores the need for a holistic cloud server approach. Research from Microsoft’s 2024 State of Multicloud Security Risk Report found that the average multicloud estate has 351 exploitable attack paths that lead to high-value assets. Over 70% of malicious entities are active for less than two hours, so defenders have a limited amount of time to detect and respond to these threats.

Threat actors are actively capitalizing on these challenges. For example, Octo Tempest is notorious for deploying methods—including cloud-native attack tactics, techniques, and procedures (TTPs)—to navigate in and out of cloud environments, including exploitation of cloud management tools to compromise servers. Upon achieving access to the cloud through compromised credentials or social engineering schemes, the group will often move laterally into vulnerable VMs where they can compromise and ransom valuable business resources.

Defend servers in any environment with integrated agent and agentless capabilities

To safeguard servers in the cloud, organizations must adopt a hybrid approach that combines proven security practices like endpoint protection agents with cutting-edge cloud-native agentless solutions. This approach delivers the best of both worlds and empowers teams to protect all environments, whether on-premises, hybrid, or multicloud.

Server protection with a single agent for endpoint security provides automatic VM discovery as well as real-time detection and disruption of attacks. The agent’s performance is optimized for servers. By contrast, cloud-native agentless capabilities provide wide, frictionless coverage on multicloud servers. This agentless approach offers instantaneous visibility into posture issues, cloud-native detections, and potential attacks without depending on workload owners. When used in tandem, the agent provides fundamental endpoint security and real-time capabilities while the cloud-native agentless approach complements the cloud’s unique needs to provide wider visibility where agents are difficult to deploy.

As organizations continue to migrate operations to the cloud and expand their digital footprint across complex hybrid and multicloud environments, they need a comprehensive solution that can seamlessly protect against on-premises and cloud-specific security threats. By integrating a unified agent and agentless approach, security teams can deliver in-depth protection with frictionless, broad coverage across multicloud servers.

For more information, visit Microsoft’s cloud security solutions page.


