An overview of Tenable’s CIEM solution

Today, the public cloud has become the preferred way of doing business, which is causing challenges for security teams, as public cloud environments often create many access entitlements and associated vulnerabilities. In the latest blog in our cloud security series, I take a closer look at Tenable’s CIEM solution and highlight some of the benefits it offers customers.


Tenable’s CIEM solution provides customers with visibility, risk prioritisation and security control across multiple cloud environments and services. It delivers granular, role-based access controls (RBAC) for each user and is intended to give customers better control over access management in a cloud environment. Tenable CIEM provides organisations with real-time visibility into the entitlements granted to both human and machine identities.

With Tenable CIEM, organisations can enforce the security principle of least privilege for access control management. This means that access should be limited to only those users, applications and devices that need it to perform their tasks, and the least privileged access required to accomplish a specific action is the most secure approach. Tenable CIEM’s advanced security analytics also give customers insight into who has access to what resources, how often they’re using those resources, and when, allowing them to quickly detect anomalous or suspicious behaviour.

One of the key benefits of Tenable CIEM is that it gives organisations complete visibility and control over all their cloud resources, enabling them to maintain a more secure cloud environment. By reducing the risk of insider threats and external cyberattacks, companies can reduce costs, optimise their compliance and minimise the damage from breaches. Tenable CIEM provides insights into potential risks, like high-privileged accounts, stale and orphaned users and resources, as well as access misconfigurations that can leave the organisation open to vulnerabilities.

Tenable CIEM delivers flexible policy controls to detect risky behaviours in real time and generates detailed compliance and security reports to support regulatory and audit requirements. It is also built with extensible APIs that integrate with your current security tools, enabling teams to consolidate alerts and notifications. With its user-friendly dashboard, users can view information on all entitlements across their organisation, and an automated alert feature allows them to track changes in privileges, configurations and access. Moreover, Tenable CIEM gives security teams the flexibility to generate specific entitlement reports on demand or set them up to generate automatically.

Tenable CIEM is cloud-native, which means it’s optimised for modern cloud infrastructures and built to deliver agility and scalability in cloud-based applications and services. It offers ease of integration, so you can work seamlessly with all the existing tools and services that you use, without needing to set up new tools or training sessions for the IT teams.

CIEM from Tenable is essential for cloud security and the organisation’s overall risk management, which requires a comprehensive view of user and machine identities and how they access and use cloud resources. Its enhanced functionality gives security teams real-time insight into the usage of identity privileges and mitigates risks in complex environments. By prioritising the right users, systems and devices for attention, CIEM provides advanced threat analysis and prioritisation capabilities to detect the latest threats and zero-day vulnerabilities. In conclusion, Tenable CIEM is an excellent tool that enhances organisations’ overall cybersecurity and regulatory compliance posture.

For more information about Tenable’s CIEM solution, call us on +44 330 128 9180 or email info@4datasolutions.com.

Solving cloud security challenges with CIEM

With the increasing adoption of cloud computing, organisations face numerous challenges in ensuring the security of their cloud environments. Cloud Infrastructure and Platform as a Service (IaaS and PaaS) providers offer built-in security measures, but organisations often struggle to manage and monitor these resources effectively. Cloud Infrastructure Entitlement Management (CIEM) has emerged as a solution to address these issues. In this blog, I discuss the problems that CIEM solves in cloud security and the benefits it provides to organisations.


Problem 1: Misconfiguration and Access Control

One of the primary issues in cloud security is the misconfiguration of resources and ineffective access control. Organisations often unintentionally expose sensitive data, applications or services due to misconfigured security settings, leaving them vulnerable to security breaches. Additionally, managing user access privileges and permissions across various cloud services can be complex and error-prone. CIEM offers centralised management and visibility into access controls, enabling organisations to identify and rectify misconfigurations in real-time. By automating the enforcement of security policies, CIEM helps prevent unauthorised access and provides granular control over user entitlements, reducing the risk of data breaches.

Problem 2: Insider Threats and Shadow IT

Insider threats and shadow IT are major concerns for organisations operating in the cloud. Employees with privileged access can misuse their privileges, intentionally or unintentionally, leading to data leaks or unauthorised access. Additionally, the use of unauthorised cloud services, known as shadow IT, can exacerbate security risks by bypassing corporate security policies. CIEM helps mitigate these risks by providing continuous monitoring of user activities, detecting anomalous behaviour and alerting administrators of any suspicious activities. It offers insights into both authorised and unauthorised cloud resources, allowing organisations to identify and address any shadow IT usage. By minimising the potential for insider threats and shadow IT, CIEM strengthens cloud security overall.

Problem 3: Compliance and Regulatory Challenges

Complying with industry regulations and data protection laws is critical for organisations, especially those that handle sensitive customer data. Ensuring continuous compliance in dynamic cloud environments can be a daunting task. CIEM facilitates compliance efforts by providing visibility into user entitlements, monitoring cloud configurations, and detecting policy violations. By generating detailed reports on user access, privilege usage and compliance metrics, CIEM helps organisations demonstrate adherence to regulatory requirements. The automation of compliance controls and real-time monitoring offered by CIEM significantly reduces the manual efforts required to maintain compliance, allowing organisations to focus more on their core business while ensuring data security.

Conclusion

Cloud Infrastructure Entitlement Management (CIEM) addresses critical cloud security challenges faced by organisations today. By solving problems such as misconfigurations, access control, insider threats, shadow IT and compliance, CIEM enhances the security posture of cloud environments. It provides comprehensive visibility and centralised management, enabling organisations to identify potential vulnerabilities, detect unauthorised activities and enforce security policies effectively. With CIEM, organisations can confidently embrace the benefits of the cloud while ensuring the protection of their sensitive data and maintaining regulatory compliance. By leveraging CIEM capabilities, organisations can strengthen their cloud security strategy and minimise the risk of breaches, ultimately preserving their reputation and customer trust.

A Guide to Cloud Infrastructure and Entitlement Management (CIEM)

The cloud has revolutionised the way we work, providing businesses with on-demand access to scalable and cost-effective resources. But with great power comes great responsibility, especially when it comes to managing cloud infrastructure and entitlements.

There is growing recognition that traditional cybersecurity approaches – such as the castle-and-moat approach to protecting the perimeter – simply don’t work in the cloud because they focus solely on external threats, neglecting the growing concern of insider threats and vulnerabilities within the cloud infrastructure itself.

Instead, the primary attack surface is now identity.

Identity is everything in the cloud, and Identity and Access Management (IAM) has become the new perimeter and a critical component of security in this distributed environment. It encompasses the tools and policies used to ensure that the right users – and only the right users – have access to the right resources at the right times and for the right reasons. It involves managing identities (both human and non-human, such as services or IoT devices), their permissions and various authentication mechanisms (like passwords, multi-factor authentication, etc.).

Let’s first look at why the castle-and-moat approach to protecting the perimeter no longer suffices when it comes to the cloud. The castle and moat analogy in cybersecurity refers to a perimeter-based security model. It visualises an organisation’s network as a castle, with valuable data and systems residing within. The moat represents the security measures implemented to protect the internal network from external threats.

In the digital world, the ‘castle’ is your computer network with valuable data, and the ‘moat’ is a strong outer defence. Firewalls and security systems act like guards, keeping intruders out. However, once inside the network (like crossing the drawbridge), users have free rein. The castle and moat approach to security works well against external threats, but it has weaknesses: it assumes everyone inside is trustworthy and doesn’t address insider threats or attacks that bypass the perimeter.

The current cyber-attack cycle often starts with attackers seeking access through poorly managed privileges and then pivoting between resources, discovering credentials and other identities to obtain something of value.

In the public cloud, where resources are spread out and accessible remotely, identity becomes paramount for security because it dictates who can access what, and how. Here are some of the reasons why identity is paramount:

  • Access Control: Centralised identity management allows you to define granular permissions for users and applications. Without proper identity controls, anyone could potentially access sensitive data or perform unauthorised actions.
  • Authentication: Strong identity verification ensures only authorised users and applications can access cloud resources. Multi-factor authentication (MFA) adds an extra layer of security beyond just usernames and passwords.
  • Accountability: Identity creates an audit trail. By tracking who accessed what resources and when, you can identify suspicious activity and hold individuals accountable for their actions in the cloud.
  • Shared Responsibility: Public cloud security is a shared model. While the provider secures the infrastructure, you control who has access to your resources. Identity management is crucial in fulfilling your part of the security responsibility.
  • Dynamic Environments: The public cloud is fluid, with resources constantly being created, modified, and deleted. Identity helps maintain control in this dynamic environment by ensuring access permissions are always up-to-date and aligned with current needs.

Effectively managing identities in the public cloud is like managing the keys to your digital kingdom. Strong identity practices and carefully managed privileges are the foundation for securing your data, applications and overall cloud environment. However, with hundreds of privileges available to assign to an entity, the chance of getting it right for every entity all of the time is very low indeed without a tool like CIEM (Cloud Infrastructure Entitlements Management).

Whereas the castle and moat analogy focuses on keeping attackers out, CIEM also focuses on detecting and responding to threats within the system. CIEM goes beyond perimeter security and encompasses activities like user behaviour monitoring, log analysis and incident response. It keeps track of who has keys (access permissions) to each room and ensures no one has more access than they need. CIEM constantly monitors these permissions, identifying overly powerful keys and potential security risks. CIEM continuously monitors for new threats and vulnerabilities, helping organisations follow the ‘least privilege’ principle and reducing the chances of data breaches in the cloud.

CIEM uses analytics to identify potential security incidents and threats, allowing security teams to gain visibility into security events across the organisation, detect and investigate suspicious activity, and respond to security incidents more quickly and effectively.

To conclude, the phrase ‘IAM is the new perimeter’ reflects a paradigm shift from network-centric security models to identity-centric models, where managing identities and access effectively is key to securing digital assets in a distributed and cloud-based computing environment. A robust CIEM solution can significantly improve your cloud security posture, ensure compliance, optimise costs and give you peace of mind knowing that your cloud kingdom is well-protected.

The crucial role of identity in cloud security

As more and more businesses turn to cloud computing, it is increasingly important to understand the role of identity in cloud security. In this blog, we will explore why identity is crucial in cloud security and what measures businesses can take to strengthen their identity and access management practices.


The importance of identity in cloud security cannot be overstated. With cloud computing, businesses store and access their data and applications from remote servers. This means that the traditional perimeter-based security model of protecting a physical network perimeter is no longer adequate. Instead, identity and access management (IAM) have become central to securing cloud-based systems.

Identity and access management are essential because they ensure that only authorised users can access data and applications. By creating unique identities for each user and implementing policies that dictate access levels based on those identities, businesses can prevent unauthorised access and limit the damage if a breach does occur.

There are several reasons why identity is so important in cloud security:

Protects against data breaches

One of the biggest concerns for businesses when it comes to cloud security is data breaches. Hackers target cloud services because of the vast amount of data stored there. IAM helps prevent breaches by controlling access to data and applications, ensuring that only authorised users can view sensitive information.

Maintains compliance

Businesses operating in certain industries or regions may be subject to regulatory requirements governing how data is stored and accessed. IAM helps businesses maintain compliance with these requirements by tracking who has access to what data and monitoring user behaviour.

Provides centralised control

In a cloud environment, access control is no longer confined to a physical network perimeter. Instead, businesses need to control access to resources across multiple environments and platforms. IAM provides centralised control, allowing businesses to manage user identities and access rights across multiple clouds and platforms from a single interface.

Enables segregation of duties

Segregation of duties is an important aspect of security, especially for businesses handling financial transactions. IAM allows businesses to create roles that have access to only the data and applications necessary for their specific job function. This limits the potential for unauthorised access to sensitive data and prevents employees from abusing their privileges.

To ensure effective IAM in a cloud environment, businesses must implement the following measures:

  1. Establish access controls
    Access controls determine who can access data and applications and what level of access they have. This should be based on a user’s identity, role, and need-to-know. Businesses should establish policies and procedures for granting, revoking, and reviewing access rights.
  2. Authenticate users
    To prevent unauthorised access, businesses must verify a user’s identity before granting access. This can be done through multi-factor authentication, which requires users to provide something they know (password), something they have (security token) or something they are (biometric).
  3. Monitor user behaviour
    Monitoring user behaviour can help detect suspicious activity, such as unauthorised access attempts or unusual patterns of data access. Businesses should use tools to monitor user behaviour and investigate any suspicious activity immediately.
  4. Enforce policies
    IAM policies should be regularly reviewed and updated to ensure they align with business needs and industry regulations. Policies should be enforced consistently across all platforms and cloud environments.

In conclusion, identity is critical in cloud security. IAM is the key to controlling access to data and applications in a cloud environment. Businesses should take steps to implement effective IAM policies and procedures to ensure that their data and applications are secure. By doing so, businesses can reduce the risk of data breaches, maintain compliance, and improve overall security posture.

Cloud in Crisis – Part 2

We consider the four main cloud security archetypes available today and highlight why a practical approach to multi-cloud security needs to unify the strategies of these archetypes while addressing the security pain points.


In July, a blog by Ian Tinney explored where the responsibility for cloud security rests and highlighted some of the most common cloud security fails. In the second of this two-part blog series, Ian takes a closer look at the four main cloud security archetypes available today and explains why a practical approach to multi-cloud security needs to unify the strategy outlined by these four archetypes while addressing the security pain points.

The need to improve cloud confidence and create a cohesive approach to cloud security has seen several new archetypes emerge. Four cloud security pillars – CSPM, CIEM, CWPP and CNAPP – were identified by Gartner and are now used as the basis to classify third-party security solutions.

Let’s look briefly at these in turn.

  • CSPM (Cloud Security Posture Management) provides cross-platform control of the cloud infrastructure. CSPM security management automation tools address misconfiguration issues by analysing configurations and comparing these with other inputs to identify risks. Today, a good CSPM tool should facilitate security enforcement and operations, compliance assurance, investigation and incident response. According to Gartner, through 2024, organisations implementing a CSPM offering and extending this into development will reduce cloud-related security incidents due to misconfiguration by 80%.
  • CIEM (Cloud Infrastructure Entitlements Management) addresses access and entitlements. Recognising their importance, analyst firms Gartner and Forrester have highlighted the need to focus on Identity Governance in the cloud by reiterating the importance of Cloud Identity Governance (CIG) and Cloud Infrastructure Entitlements Management (CIEM). CIEM is newer than CSPM and fills the Identity and Access Management (IAM) gap. CIEM solutions leverage analytics and machine learning to detect anomalies around identities and entitlements. CIEM technologies discover all identities, users and their entitlements, and enforce identity and access governance controls to reduce excessive entitlements and right-size privileged access across the multi-cloud.
  • CNAPP (Cloud-Native Application Protection Platform) is the latest addition to the Gartner cloud security fold and is a convergence of multiple disciplines such as CWPP, CSPM and some CIEM functionality that delivers a full stack multi-cloud overview. CNAPP has come about in response to the demand for ‘cloud native’ security that seeks to protect the apps rather than just the infrastructure. The reliance on Infrastructure as Code (IaC) meant that CNAPP became necessary in order to protect the code used to build this infrastructure from malicious intent. CNAPP sees security workload and configuration scanning performed during development so that technologies are then protected during run time. Misconfigurations are not just identified but are used to identify security risks in associated or connected cloud resources.
  • CWPP (Cloud Workload Protection Platforms) is focused on the protection of workloads – irrespective of type or location – and scans for vulnerabilities and configuration issues, among other things, within the workload. CWPPs are designed to detect and prevent app attacks without needing to know the input source. They profile the application function and its behaviour, look for deviations from these and enforce a zero-trust policy. A comprehensive CWPP should give you the ability to discover and manage any unmanaged workloads. CWPP capabilities typically include system hardening, vulnerability management, host-based segmentation and system integrity monitoring. CNAPPs use CWPP to give them more visibility.

Although the four cloud security archetypes provide a much-needed cloud-centric approach to security, each focuses on one particular area: no one strategy provides a complete security solution. Over time, some of the archetypes have attempted to fill the gaps in security provisioning, which is why we see CIEM provide the IAM that CSPM lacks and CNAPP borrow from CWPP to gain more depth into application workloads. But they still largely operate independently. To draw upon the security benefits of all four strategies, we need to simplify them and focus on what security teams need in order to quickly detect, investigate, triage and resolve high-risk, high-impact vulnerabilities.

A practical approach to multi-cloud security needs to unify the strategy outlined by the four archetypes while addressing the following security pain points:

  • A multi-cloud security baseline
  • Context-driven security
  • Risk scoring based upon a standardised threat matrix
  • Real-time cross-platform threat detection
  • Enforcement of least privilege and use of JIT privileges
  • Infrastructure as Code (IaC) security to shift left

This can be achieved by using cloud-native technology such as Ermetic’s identity-first CNAPP solution. The platform provides comprehensive cloud security that dramatically reduces your cloud attack surface. By automating complex cloud infrastructure security operations, it unifies full asset discovery, deep risk analysis, runtime threat detection and compliance reporting, combined with granular visualisation and step-by-step guidance.

CNAPP (CSPM + CWPP) leaves a vast gap around identities and privileges that Gartner has identified as a leading cause of cloud security issues. However, through our partnership with Ermetic, we are able to deliver identity-first CNAPP by combining the very best of the different cloud security archetypes into a unified, multi-cloud security product which gives you better visibility, awareness and control over your data, across platforms. This enables you to monitor the security and assess and respond to alerts based on the risk level. It also allows you to set policies and assess compliance with industry standards and regulations in real time. And it can be used to automate incident response and remediation.

Talk to us today about securing your cloud – identity first. Call us on +44 330 128 9180 or email info@4datasolutions.com.

You can also find out more in our ‘Cloud in Crisis: solving the multi-cloud security problem’ white paper here. Developed in partnership with our vendor, Ermetic, the white paper takes a closer look at:

  • The state of the cloud
  • Top cloud threats
  • The data security disconnect
  • Cloud security fails
  • An overview of today’s security solutions
  • Unified multi-cloud, identity-first security management

Cloud in Crisis – Part 1

With more and more businesses adopting a ‘cloud first’ strategy, and migration to multi-cloud already established as a key trend in 2023, security teams are struggling to get complete visibility of the cloud infrastructure.

In the first of a two-part blog, Ian Tinney explains where the responsibility for cloud security rests, and highlights some of the most common cloud security fails. 


Multi-cloud – the use of more than one public cloud service provider, typically a combination of AWS, Microsoft Azure and Google Cloud – continues to grow. According to Forrester [1], 60% of organisations are using multi-cloud, with this number predicted to rise to 81% over the next 12 months.

Multi-cloud promises to allow organisations to use the best of what’s on offer without the fear of having to lock in to any one vendor. Forrester’s research also found that 90% of businesses find that multi-cloud is helping them achieve business goals.

However, there is a downside to the rapid adoption of cloud services. Security teams are struggling to get full visibility of the cloud infrastructure, and gaps and blind spots in the security posture are making it more susceptible to attacks. Although businesses recognise the benefits the cloud can bring, confidence in security is clearly a significant area of concern for businesses.

62% of organisations are not confident in their security posture and 58% are aware of fewer than 75% of the assets on their network. In addition, 83% of organisations do not have a unified view into cloud and on-premises assets. [2]

At the same time, cloud-based cyberattacks are increasing exponentially – there was a 48% year-on-year increase in 2022. [3] The Cloud Security Alliance identified data breaches as the top cloud threat in 2022. [4]

Lack of clarity around cloud security responsibilities

Many businesses mistakenly believe that the cloud is secure by default and that cloud-native security tools will protect them against security breaches, but this results in a disconnect which leaves data exposed.

At the same time, there is widespread confusion around who is responsible for security within the cloud. In simple terms, cloud service providers are only responsible for the security ‘of’ the cloud, while security ‘in’ the cloud is the responsibility of the business. As such, businesses operating in the cloud must accept shared responsibility for security.

Let’s take a closer look at what each party is responsible for. The cloud provider has responsibility for:

  • Protecting the cloud provider’s physical premises, software, network and hardware
  • Service-level security, i.e. protection against attacks that would affect the entire cloud service
  • Ensuring their systems are always updated and have the necessary patches in place
  • Providing business continuity services and contingencies in case of an accident or system failure

The cloud customer has responsibility for:

  • Ensuring systems are properly configured
  • Security of traffic coming in and out of the server
  • Maintenance and protection of all platforms and applications running on the cloud
  • Patching their OS and applications
  • Configuring their OS, databases, and applications
  • Managing and handling all matters related to login, authentication and access permissions
  • Protection of the data that enters and exits the cloud service
  • Controlling what data is loaded to the cloud and ensuring an appropriate level of encryption
  • Enforcing security best practices for the cloud

While all cloud service providers have their own native security capabilities that can be easily configured and deployed, these capabilities only work well for businesses with minimal security aspirations. Native security capabilities are features rather than tools, and they don’t have the depth of coverage that a third-party cloud security platform can offer. This is why the business needs to have its own cloud security solutions.

Cloud security fails

According to analyst firm Gartner, through 2025, 99% of cloud security failures will be the customer’s fault. Today, an estimated 75% of security failures will result from inadequate management of identities, access and privileges, up from 50% in 2020. [5]

Understanding where the repeat failings lie can help to guide cloud security policy and investment.

Let’s take a closer look at some of the most common reasons for cloud security failures.

  • Misconfiguration: The cloud has tens of thousands of configurations, and if one or a combination of these is misconfigured, it can affect or contribute to the risk of a cloud resource. Cases of misconfiguration will rise as businesses become more agile and take advantage of cloud services. Today, most solutions only look at misconfigurations that affect a resource and do not report on risks from associated or connected cloud resources.
  • Quantify risk posture: The business needs to be able to baseline its cloud environment by assessing its infrastructure, identifying threats and correcting any risks and violations of compliance or best practice to understand its risk posture. It also needs to perform this discovery and inventory on a regular basis to control its cloud security and compliance.
  • Privilege creep: Failing to implement least privilege, whereby restrictions are put in place to assign the least access needed to perform certain tasks, is the number one cause of security breaches. During audits, we found almost 90% of cloud accounts had too many users assigned administrator privileges that were not needed. Privilege creep is where your least privilege policy is slowly eroded and undermined as more identities are added. A typical cloud environment has multiple human and non-human identities with tens of thousands of associated entitlements. It quickly becomes impossible to manage and govern these identities and their entitlements manually, so access can become granted by default. Once compromised, the attacker can then leverage entitlements attached to the identity to laterally move within the infrastructure and access services or exfiltrate data.
  • False positives: Approximately 75% of security teams spend the same amount of time or more investigating false positives as they do investigating genuine threats, and the sheer volume of alerts can be overwhelming. About 45% of all cybersecurity alerts are false positives. False positives cause the same amount of downtime as real cyberattacks. [6] As new cloud providers are brought on board under multi-cloud, the business ends up with incompatible software, which is then run simply in log/monitor mode or is disabled, with 91% of businesses hobbling their software in some way to cope with alert volumes. [7]
  • Threat management: In an ideal world, security teams would be able to detect and apply importance to alerts so that the most critical vulnerabilities could be dealt with and resolved first. But in reality, they can’t. There is a huge disconnect between the security alerts being generated and the ability to grade and manage them effectively. Key to threat management is being able to prioritise alerts. Without this, security management becomes a game of whack-a-mole as you cannot determine which incidents are the most pressing and require attention first. Without a good grip on threats, risk and remediation, it becomes impossible to move towards a mature cloud operating model where auto-remediation can be considered.
  • Lack of oversight and cloud sprawl: As businesses have built out their cloud presence, moving to either hybrid or multi-cloud models, so complexity has increased, making it harder to maintain visibility of all the identities across the cloud infrastructure, for instance. As more security systems are brought online, so more alerts are generated, particularly if these third-party solutions aren’t integrated adequately. Unless the business has cross-cloud visibility, it cannot create an accurate inventory across Compute, Network, Storage and IAM components; or gain contextual insights into the security posture, all resources, alerts, and the compliance status; or gain real-time security and operational intelligence and check the configuration of resources.
  • Compliance challenges: Businesses and their cloud providers now share responsibility for security, and this, together with a lack of visibility, the ephemeral nature of resources and a multi-cloud environment, makes compliance in the cloud challenging, particularly for those in regulated industries and with contractual requirements. Cloud infrastructure should be continuously monitored for the risks of non-compliance with security requirements, standards and regulations such as ISO 27001, CIS, NIST, GDPR, POPIA, FedRAMP, HIPAA, HITRUST etc.
  • High MTTD and MTTR: The Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to a potential security threat are the most important metrics for the security team when it comes to resolution. Both are now on the rise due to increasing threat volumes and the working-from-home trend. According to IBM, the average breach lifecycle takes 287 days, with organisations taking 212 days to initially detect a breach and 75 days to contain it. [8] Other reports suggest dwell time (the time between the start of a cyber intrusion and it being identified) stands at 30 days for those self-detecting, although 12% of internal investigations have a dwell time in excess of 700 days. [9] To reduce MTTD and MTTR, the business must adopt a more holistic, proactive approach that sees technologies combined to provide a single view, enabling quicker decision-making.
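The entitlement analysis these posts describe (granted versus actually used privileges, high-privileged and stale identities, privilege creep and right-sizing) as an added example in Python. This is illustrative code written for this page, not Tenable’s or Ermetic’s product logic; the identity inventory, activity log, action names and the set of entitlements treated as high-privilege are all constructed assumptions.

```python
"""Added example (not Tenable's, Ermetic's or 4Data's code): a minimal
CIEM-style entitlement audit over a constructed inventory and activity log.
It reports high-privilege identities, entitlements that were granted but never
exercised in the review window (right-sizing candidates), stale identities,
and activity from identities missing from the inventory (orphaned or unknown).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory: identity -> set of granted entitlements (actions).
# Identities and action names are illustrative, not taken from any real account.
INVENTORY = {
    "alice@example.test": {"s3:GetObject", "s3:PutObject", "iam:*"},
    "ci-deploy-role": {"s3:PutObject", "lambda:UpdateFunctionCode", "iam:PassRole"},
    "bob@example.test": {"s3:GetObject"},
    "legacy-report-svc": {"s3:GetObject", "s3:ListBucket"},
    "contractor-old@example.test": {"s3:GetObject"},
}

# Constructed activity log: (ISO timestamp, identity, action actually called).
ACTIVITY = [
    ("2024-05-01T09:12:00", "alice@example.test", "s3:GetObject"),
    ("2024-05-03T14:30:00", "alice@example.test", "s3:PutObject"),
    ("2024-05-02T02:00:00", "ci-deploy-role", "lambda:UpdateFunctionCode"),
    ("2024-05-02T02:00:05", "ci-deploy-role", "s3:PutObject"),
    ("2024-05-20T11:45:00", "bob@example.test", "s3:GetObject"),
    ("2024-01-15T08:00:00", "legacy-report-svc", "s3:GetObject"),
    ("2024-05-28T16:05:00", "former-employee@example.test", "s3:GetObject"),
]

# Entitlements treated as high-privilege for this example (an assumption):
# full wildcards and identity-administration actions that let an identity
# extend its own access.
HIGH_PRIVILEGE = {"*", "iam:*", "iam:PassRole"}


def covers(granted: str, action: str) -> bool:
    """True if a granted entitlement covers an action ('iam:*' covers 'iam:CreateUser')."""
    if granted == "*":
        return True
    if granted.endswith(":*"):
        return action.split(":", 1)[0] == granted[:-2]
    return granted == action


def audit(inventory, activity, now, stale_after_days=60):
    """Compare granted entitlements with observed use up to `now` (ISO timestamp)."""
    review_point = datetime.fromisoformat(now)
    used = defaultdict(set)   # identity -> actions observed in the window
    last_seen = {}            # identity -> most recent activity timestamp
    for ts, identity, action in activity:
        t = datetime.fromisoformat(ts)
        if t > review_point:  # ignore events after the review point
            continue
        used[identity].add(action)
        last_seen[identity] = max(last_seen.get(identity, t), t)

    report = {"high_privilege": {}, "unused": {}, "stale": []}
    for identity, granted in inventory.items():
        observed = used.get(identity, set())
        high = sorted(g for g in granted if g in HIGH_PRIVILEGE)
        if high:
            report["high_privilege"][identity] = high
        # An entitlement is unused if no observed action falls under it.
        unused = sorted(g for g in granted
                        if not any(covers(g, a) for a in observed))
        if unused:
            report["unused"][identity] = unused
        seen = last_seen.get(identity)
        if seen is None or review_point - seen > timedelta(days=stale_after_days):
            report["stale"].append(identity)
    report["stale"].sort()
    # Activity from identities the inventory does not know about.
    report["unknown"] = sorted(set(used) - set(inventory))
    return report


def right_size(inventory, report):
    """Proposed least-privilege entitlement set per identity: granted minus unused."""
    return {identity: sorted(granted - set(report["unused"].get(identity, [])))
            for identity, granted in inventory.items()}


if __name__ == "__main__":
    result = audit(INVENTORY, ACTIVITY, now="2024-05-31T00:00:00")
    for section in ("high_privilege", "unused", "stale", "unknown"):
        print(f"{section}: {result[section]}")
    print("right-sized:", right_size(INVENTORY, result))
```

A real CIEM tool would read the inventory from the provider’s IAM APIs and the activity from audit logs, and would evaluate policy semantics far richer than the simple wildcard matching shown here.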

Look out for the second part of this blog where I’ll dig deeper into the security solutions available today and review the four cloud security pillars identified by Gartner that are now used as the basis to classify third-party security solutions – CSPM, CIEM, CWPP and CNAPP.


  1. Forrester Consulting Thought Leadership Paper (commissioned by HashiCorp in January 2022)
  2. Balbix 2022 State of Security Posture Report
  3. Check Point Research (CPR)
  4. CSA’s 2022 Cloud Security Alliance Top Threats research
  5. Gartner ‘Is the Cloud secure?’ blog
  6. Fastly – Unified web app and API security, anywhere
  7. Fastly and the Enterprise Strategy Group, Reaching the tipping point of Web Application and API security blog
  8. Blumira and IBM 2022 report
  9. FireEye Mandiant M-Trends 2020 Report