We’re only as strong as our weakest link. In a time when our attack surfaces are growing beyond what traditional security measures can keep up with, we must work to understand unknown threats and improve attack signal clarity.
CISOs and their SOC teams often work with frustratingly limited visibility. With cloud-based incidents on the rise, a prevention-first mentality can sometimes lead to a “blindness tolerated” mindset, which ultimately empowers attackers. To prioritise signal clarity, we need to address three unknowns using three pillars that enhance visibility.
Cloud becomes the norm, and security suffers
After several years of rapid change, Gartner reports that global end-user spending on public cloud services is expected to increase by 20.7% to reach $591.8 billion in 2023. This growth is higher than the 18.8% forecasted for 2022 and brings the total spending up from $490.3 billion in 2022.
In the Asia-Pacific region, IDC has found that cloud adoption significantly impacts business growth and resilience. Many companies in the region plan to allocate around 34% of their overall budget to infrastructure-as-a-service (IaaS) platforms to manage and control critical business components without incurring costs for data centres and physical servers.
In terms of security, IBM Security researchers report that 45% of data breaches in 2021 occurred in the cloud. Additionally, Vectra’s research found that 72% of security leaders are concerned that an attacker has already infiltrated their environment, but they lack the means to verify this occurrence or its location.
What defines an unknown? Breaking down three blind spots
One of the top blind spots for organisations is unknown exposure. With a constantly expanding attack surface, security teams have to deal with more surface areas where unknowns can exist. While governance, risk, and compliance leaders often work with cloud security posture management teams on vulnerability detection (such as misconfigurations and neglected updates), this is often not enough to prevent attackers from infiltrating the cloud. In fact, a 2021 survey by Check Point Software found that 75% of successful cyberattacks in the previous year exploited vulnerabilities that were more than two years old.
Another major unknown is compromise. This is a worst-case scenario for CISOs, especially given the limitations of today’s point solutions to cover networks, endpoints, and everything in between. The likes of IaaS, platform as a service (PaaS), and software as a service (SaaS) can make a hybrid cloud landscape complex and difficult to secure. Siloed tools that send a snowstorm of false positives to security teams enable attackers to slip by unseen, especially as their tactics continue to advance.
The white noise problem also feeds into our third unknown: unknown threats. Even once a vulnerability has been identified, finding the intruder and their payload can be difficult. Defenders and incident response teams can be slowed by point solutions, dashing from pane to pane trying to piece it all together. This can lead to late discovery as security teams sift through mountains of false positives, by which time attackers have already done their damage.
Tackling three primary challenges and barriers to clarity
Once these top three blind spots have been addressed, we must move towards signal clarity. First, our people need our support. We know that in APAC, security leaders are struggling to hire skilled people or to retrain existing staff as needed. This leaves gaps in expertise and puts more pressure on the team members who remain. We need to support staff to tackle the escalation in threat incursions and their sophistication, and to grasp the intricacies of cloud security.
The second challenge lies in our processes. When IBM Security tells us it takes organisations an average of 10 months to identify and contain a breach, we know we have to implement automation to effectively reduce manual tasks and improve workflow orchestration.
Third, we must address our technology shortfalls, where blind SOCs scramble ineffectually to get a handle on their environments and the threats they face.
Three deliverables to improve attack signal clarity
To follow the theme of “three,” here are three deliverables that will help organisations achieve better threat detection and response in a hybrid cloud environment:
- The first deliverable is comprehensive attack coverage. SOC teams must consolidate their threat visibility and detection capabilities across their entire hybrid and multi-cloud attack surfaces, including IaaS, PaaS, SaaS, identity, and networks.
- The second deliverable is signal clarity. SOC teams must be able to identify when an attack is taking place and understand the actions taken by the attacker after they gain access. This allows teams to clearly prioritise and respond to critical threats.
- The third deliverable is intelligent control, which means having the right context at your fingertips to speed up investigations, automate workflows, and target the response action to disrupt or contain an attack. Organisations should invest in the right tools, processes, and playbooks to boost SOC efficiency and effectiveness.
Protecting our systems and teams
If we can’t improve clarity and visibility over our hybrid cloud environments, then what promises to be a huge benefit to our organisation could instead be our downfall. Thankfully, we can clean up our methods and make the necessary improvements to ensure the safety and security of our assets.