Virtualization Technology News and Information
VMblog's Expert Interviews: LightCyber Talks Public Cloud Security, Cyberattacks and Blind Spots


With its recent product launch, LightCyber introduced industry-first capabilities that close the breach detection gap in cloud data centers, providing the industry's most comprehensive attack visibility for IaaS cloud data centers.  And in a recent Cyber Weapons Report, LightCyber exposed the real methods of attack activity after an initial intrusion, once an attacker gains a foothold in a network.  To dig in deeper, I spoke with Kasey Cross, LightCyber Sr. Product Manager.

VMblog:  What are the blind spots that you have identified in the public cloud data center?

Kasey Cross:  There are four primary blind spots: places where attackers can conduct malicious activity without being detected. The first, and most troubling, is that the public cloud data center can become an ingress or entry point for an attacker when there is a web server and direct Internet access to an IaaS instance. Another common scenario could be a test machine in the public cloud data center that often has Internet access. Such a point is often overlooked, as it is not uncommon to set up such a capability for a specific purpose and then forget that it exists. Either way, this could serve as an entry point to directly steal or damage resources in the cloud data center, or this could be a stepping stone to other assets in the organization, such as the on-premise network or a private cloud data center.

The second blind spot is an IaaS instance being used for a new egress point for command and control communication or data exfiltration. Again, this could be for an attack on the public cloud data center, on-premise resources, or the private cloud.

The other two blind spots involve undetected reconnaissance and lateral movement, two critical steps in the data breach process, within the public cloud data center.

VMblog:  Do you believe that IaaS is inherently unsafe from a security point of view?

Cross:  IaaS is actually quite safe, perhaps even safer than infrastructure managed by a single organization. At the same time it expands the attack surface that cybercriminals and other bad actors already have with on-premise data centers and networks. It adds more places for intruders to attack and hide.

Most companies need to address their primary networks first. The question to ask is, "Do you know if there is an active attacker on your network?" For most, the answer is no, because this requires a behavioral attack detection solution and an acknowledgment that attacks could get in, so you have to be prepared to find them quickly. The corollary is equally important: "Could you find an active attacker on your network? How?"

Once the primary networks are addressed, companies will also want to bring visibility to their public cloud data centers. It is not that IaaS is inherently insecure; it is just another place that attackers can target to initiate an attack, use as a stepping stone to attack another one of your data centers, or as a way to advance an attack. In security, you are only as good as your weakest link, so the public cloud must be addressed along with your other data centers.

VMblog:  To what degree has the public cloud data center been a target for cyberattacks?

Cross:  As workloads have moved to the public cloud, more assets have become targets for attackers. While many organizations still host their most sensitive data internally in their own data centers, public cloud servers are still a common target for opportunistic and automated attacks, such as DDoS and web application attacks. Public cloud data centers will increasingly become a target for advanced cyberattacks as more applications and confidential data are transitioned to the cloud.

VMblog:  What has LightCyber done to address the public cloud data center?

Cross:  We have introduced AWS versions of our product to gain visibility to attacker activity in the cloud, closing off places where attackers could previously work undetected. Now, the LightCyber Magna platform extends across all data centers - those that you run directly and those you obtain as a service.

VMblog:  How does the cloud change the attack surface, and what must be addressed to prevent loss or damage?

Cross:  The public cloud adds new entry and exit points for attackers as well as a place where corporate assets are held and can be reached without detection. These hiding places need to be illuminated with security visibility to spot attacker activity quickly and accurately.


Once again, thank you to Kasey Cross, LightCyber Sr. Product Manager, for taking time out to speak with

Published Tuesday, September 20, 2016 6:31 AM by David Marshall