Insights into Today’s Breaches and Cyber Attacks

Presented by FireEye

Based on a year of lessons learned from the frontlines of incident response (IR), FireEye reported in M-Trends 2019 that "as more and more customers move to software as a service and cloud, attackers are following the data." With approximately 25 percent of FireEye Mandiant IR engagements involving cloud assets, FireEye has found that cloud users are being targeted more than the cloud infrastructure itself. In fact, many security incidents occur without any cloud hacking at all. Instead the attackers use phishing, client-side exploits, or victim missteps – and sometimes all three – to acquire valid credentials and authenticate to the cloud.

According to Jay Heiser, research vice president at Gartner, through 2022 at least 95 percent of cloud security failures will be due to customer errors. As a result, agency IT managers should understand certain characteristics about the cloud and what it means for their security operations. For instance:

  • Cloud security is different and requires additional tools. Because the cloud is largely dependent on credential security and enforcing authorization, analytics becomes an organization’s primary detection method in the cloud. In addition to credential misuse detection, organizations require visibility into cloud misconfigurations and risky application usage that leave data vulnerable.
  • Protect against attacks across commonly exploited vectors. Phishing remains attackers’ method of choice for credential theft. Whether an organization is staying on premises or moving to O365, strong email security is the first line of cloud defense. While the cloud does require new visibility into application logic as mentioned above, traditional email, endpoint and network visibility remain foundational. Organizations should seek consolidated visibility across their entire environment – be it fully on premises, hybrid, or multi-cloud.
  • There are shared security responsibilities between the agency and the cloud provider. While the cloud provider is responsible for securing the cloud infrastructure, the agency is responsible for securing its data inside the cloud. For example, agencies are expected to maintain the updating and patching of operating systems and application software. Organizations need to understand the responsibility partnership with their cloud service provider (CSP), which can change depending on the type of cloud service consumed.
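The first bullet above states that, because cloud access hinges on credentials, analytics over sign-in activity becomes the primary detection method. The following is an added example of one such analytic, a geo-infeasibility ("impossible travel") check over cloud sign-in logs; it is not FireEye's code or any vendor's schema. The JSON log format, field names, sample coordinates and the 950 km/h speed ceiling are all assumptions constructed for the illustration.

```python
"""Geo-infeasibility ("impossible travel") detection over cloud sign-in logs.

Added illustration: the log format, field names, sample events and thresholds
below are assumptions for the example, not a real provider's export format.
"""
import json
import math
from datetime import datetime, timezone

# Upper bound on plausible travel speed between two successful sign-ins (km/h).
# Airliners cruise below roughly 950 km/h, so a required speed well above that
# means the same credential was used from two places one person cannot reach.
MAX_SPEED_KMH = 950.0

# Sign-ins closer together than this are never compared: IP geolocation is
# coarse, and small distance jitter would otherwise produce false positives.
MIN_SEPARATION_KM = 100.0

# Constructed sample log (one JSON record per line). Coordinates are rough city
# centres. alice's second sign-in from Moscow 90 minutes after Washington, DC
# is the anomaly; bob's DC-to-New-York move over three hours is plausible, and
# carol's distant *failed* attempt is ignored because it proves nothing alone.
SAMPLE_LOG = """\
{"user": "alice", "ts": "2019-06-03T09:00:00Z", "ip": "203.0.113.10", "lat": 38.9072, "lon": -77.0369, "result": "success"}
{"user": "bob",   "ts": "2019-06-03T09:05:00Z", "ip": "198.51.100.7", "lat": 38.9072, "lon": -77.0369, "result": "success"}
{"user": "alice", "ts": "2019-06-03T10:30:00Z", "ip": "192.0.2.44",   "lat": 55.7558, "lon": 37.6173,  "result": "success"}
{"user": "bob",   "ts": "2019-06-03T12:00:00Z", "ip": "198.51.100.9", "lat": 40.7128, "lon": -74.0060, "result": "success"}
{"user": "carol", "ts": "2019-06-03T12:30:00Z", "ip": "192.0.2.99",   "lat": 55.7558, "lon": 37.6173,  "result": "failure"}
{"user": "carol", "ts": "2019-06-03T12:31:00Z", "ip": "203.0.113.50", "lat": 34.0522, "lon": -118.2437, "result": "success"}
"""


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    earth_radius_km = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def parse_events(log_text):
    """Parse JSON-per-line sign-in records and return them sorted by time."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(rec)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_infeasible_travel(events, max_speed_kmh=MAX_SPEED_KMH, min_km=MIN_SEPARATION_KM):
    """Flag consecutive successful sign-ins per user that imply impossible speed."""
    last_by_user = {}
    alerts = []
    for ev in events:
        if ev["result"] != "success":
            continue  # only authenticated sessions indicate credential use
        prev = last_by_user.get(ev["user"])
        if prev is not None:
            dist_km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600.0
            if dist_km >= min_km:
                # Zero elapsed time with a real distance is the extreme case.
                speed = dist_km / hours if hours > 0 else math.inf
                if speed > max_speed_kmh:
                    alerts.append({
                        "user": ev["user"],
                        "from_ip": prev["ip"],
                        "to_ip": ev["ip"],
                        "distance_km": round(dist_km, 1),
                        "elapsed_hours": round(hours, 2),
                        "required_speed_kmh": round(speed, 1),
                    })
        last_by_user[ev["user"]] = ev
    return alerts


if __name__ == "__main__":
    for alert in detect_infeasible_travel(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

The check deliberately compares only successful sign-ins: a failed attempt from far away is a different signal (a possible credential-stuffing or password-spray lead) and is better handled by a separate failed-login analytic than by folding it into travel math. In production the coordinates would come from the identity provider's own geolocation of the source IP, and the thresholds would be tuned against the organization's real travel patterns and VPN egress points to keep false positives down.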

Action Items

There are steps that agencies can take to build a strong cloud security strategy. Many initiatives are helping drive government cloud adoption, such as the Federal Risk and Authorization Management Program (FedRAMP), Data Center Optimization Initiative (DCOI), Federal Cloud Computing Strategy (Cloud Smart), Trusted Internet Connection (TIC), and the DoD Cloud Strategy. Organizations embracing cloud infrastructure and software as a service (SaaS) offerings such as O365 must ensure that visibility and advanced threat protection are incorporated from the beginning. Security should not be approached in a silo; it is foundational to meeting cloud mission objectives.

Perhaps most critically, agencies must take a holistic approach to cloud security to ensure detection, protection, and visibility across on-premises IT infrastructures, hybrid and multi-cloud environments. That means working with vendors that have a broad portfolio of services and technologies to handle a range of different scenarios.

FireEye employs more than 150 security researchers and experts around the globe, who apply decades of experience to gather forward-looking, high-fidelity, adversary-focused intelligence. This deep knowledge feeds into FireEye Email Security, Endpoint Security, and Network Security technologies, as well as FireEye Helix, a security operations platform that extends visibility into the cloud and helps organizations uncover cloud-specific threats such as geo-infeasibility, device misconfiguration and credential misuse. FireEye Government Email Threat Prevention is the first FedRAMP-compliant cloud email security offering to provide advanced threat protection for government users.

Get more information by downloading the "Cyber Security Compliance in a Cloud Smart Era" white paper.