Remote or hybrid workforces coupled with customers’ demands for increased delivery speed of services has made securing the digital attack surface a challenge for security and cloud leaders. Chaitanya Pinnamanemi, CTO of Sandstone (FinTech), discusses his team’s journey to the cloud and how to effectively manage their growing attack surface.
Sandstone, a FinTech organization that primarily offers digital banking solutions and products, decided to go fully cloud-native in 2018 to accelerate business innovation. While the shift from on-premises to the cloud provided several operational benefits, securing a perimeter-less environment where new assets could be spun up whenever, wherever presented a new challenge for Pinnamanemi and his team.
Cattle vs. pets
Pinnamanemi uses the “cattle vs. pets” analogy to describe the difference of asset tracking between on-premises and cloud environments.
The old way of keeping track of your on-premises services is treating them like pets—you have limited numbers, and you give them unique, special names and you know them very well explains Pinnamanemi. When your pet gets sick, you take them to the doctor. Similarly, when you have an issue with an on-premises service, you call in an engineer.
However, these old methods of tracking inventory don’t work for cloud assets. The new way, Pinnamanemi explains, is treating them like cattle, which require less individual maintenance. There are hundreds, if not thousands, of them at any point of time, so if you treat cloud services like pets—manually checking, configuring, and/or fixing each—your workflows will come to a halt. And in this uber connected age with increasing customer demands and expectations, enterprises cannot risk even the smallest delay or lag.
To better manage your cloud assets to ensure operational efficiency, Pinnamanemi says you need better tooling that provides comprehensive visibility across your attack surface. This allows security teams to quickly discover, assess, and respond to potential threats across your ever-expanding digital attack surface.
Blink and there’s five new high-critical CVEs disclosed. At least it seems that way. To quell panic, Pinnamanemi says it’s important to first assess whether the vulnerability is applicable to you. For example, no need to sound the alarm over Apache Log4j (Log4Shell) if you’re not using the software. This is another reason visibility is so important; if you can discover your attack surface at-a-glance, security teams are enabled to assess the risk and limit the scope of a threat.
“The days of fixing every vulnerability in a short period time is gone,” Pinnamanemi noted. “Now, all we are doing is managing the really high [critical] ones that do affect us [and] prioritizing them.”
When Sandstone first started the ISO processes, they defined what’s most important to their organization and created a framework to help them prioritize. They determined that workload security was a top priority because as a FinTech organization, customer data is extremely valuable. Also, the financial industry is one of the most targeted by ransomware actors, which makes protecting troves of personal and financial details crucial.
Prioritizing assets by workload impact enables security teams to quickly assess if a vulnerability needs to be patched, fixed, or taken out of the stack.
Evidently, enterprises need the right security tool to address the challenges of cloud security and effectively manage the digital attack surface to reduce cyber risk. And at the crux of cloud complexity is visibility.
“If you do not have 100% visibility in the cloud, you’re not doing it right,” said Pinnamanemi.
Evidently, you need total oversight across your infrastructure. Unfortunately, siloed point products create visibility and data gaps, leading to false positives that slow down security teams’ investigation and response to high-critical vulnerabilities.
As we mentioned, new CVEs seem to crop up daily, and even old vulnerabilities can come back to haunt you. Look for a unified cybersecurity platform with virtual patching capabilities that allows security teams to quickly apply patches to impacted systems and services before a vendor patch is released, further limiting the scope of an attack and reducing cyber risk.
A unified cybersecurity platform with broad third-party integrations will also provide comprehensive visibility across the entire attack surface. Look for a platform backed by extended detection and response (XDR) capabilities, which collect and correlate deep threat activity data to surface higher-confidence alerts, enabling security teams to mitigate risks faster.
To learn more about digital attack surface management and Trend Micro One, our unified cybersecurity platform, check out these resources: