Dark Reading is part of the Informa Tech Division of Informa PLC

Attacks/Breaches

9/14/2012
09:53 PM

Cloud Services Face Different Security Threats

Alert Logic study finds that cloud and on-premises customers face about the same number, but different types, of threats.

Alert Logic has examined the idea that the cloud is less secure than an on-premises enterprise data center and found it wanting. Both are about equally risky, it concluded, although the nature of the risk is different in each site.

Alert Logic is a security-as-a-service supplier to both on-premises locations and service providers in the cloud. That puts it in a position to examine the 70,000 security incidents, drawn from more than 1.5 billion security events, that occurred at its 1,600 customers over the last year. It analyzed data from those incidents to determine the nature of the risk at each type of site.

Alert Logic's study, "State of the Cloud Security Fall 2012," might have been skewed in favor of the cloud providers because many of Alert Logic's customers are experienced data center companies likely to have strong security practices. They include: SunGard, the disaster recovery specialist that has gone into cloud services; Rackspace, generally considered the runner-up to Amazon Web Services when it comes to providing infrastructure-as-a-service (IaaS); Internap Network Services, the colocation company and content delivery network; and Datapipe, an IaaS and managed services supplier. But the high profile of these companies also ensures that they garnered attention from some of the most virulent malware makers.

"Service provider-managed environments did not encounter a greater level of threats than on-premises environments. All factors in the analysis supported this conclusion," including types of incident, frequency of incidents, and diversity of threats assailing each type of environment, concluded the study.

[ Want to learn more about what constitutes the chief security threats from a federal IT point of view? See Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats. ]

And while some industries, such as public electrical utilities or financial services, might fear being targeted by skilled hackers, Urvish Vashi, VP of marketing at Alert Logic, said "most attacks are not targeted" at a specific company or industry. They occur almost equally across industry groups, indicating attackers "are looking for vulnerable targets rather than selecting specific organizations to attack." The opportunistic nature of attacks was reinforced by the high level of reconnaissance activity--searching for backdoors, open network ports, etc.--through which an attacker might enter. They occurred across all industry groups, rather than, say, being concentrated on financial services.

Web application attacks, where attackers use toolkits that try to take advantage of an application's known vulnerabilities, such as a buffer overflow exposure, were common to both service providers and on-premises data centers. But they were more frequent among service providers, where 53% of those examined had experienced one. For on-premises data centers, they occurred among 43% of the customers.

But on-premises data centers tend to run a wider variety of applications and operating systems, meaning that those that were attacked would face a larger number of threats, an average of 61.4 such attempts versus 27.8 for service providers.

The opposite was true when it came to brute-force attacks, in which malware or an automated tool attempts to gain access through repeated credential guessing, such as password cracking. Forty-six percent of on-premises facilities experienced such attacks versus 39% of service providers. The frequency of such attacks leaned heavily toward on-premises facilities, which averaged 71.7 per customer, versus service providers, which averaged 42.6 per customer.

Those were the two most common attacks experienced at either location. Also common among service providers was the number three threat, the reconnaissance attack, where an agent scans for open ports or attempts to pick up the fingerprint of a running application on a particular network. With such information, the attacker hopes to later find a vulnerability. Thirty-eight percent of service providers experienced such an attack during the six-month period covered by the study. But such attacks were less common on premises, where 32% of customers had experienced them.
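The two attack classes the study ranks highest, brute-force logins and reconnaissance scans, both leave a recognizable footprint in ordinary logs: a single source producing many failed logins (often across many usernames), or a single source touching many distinct ports on one host in a short window. The following is an added example, not code from the article or from Alert Logic, that runs two simple detection heuristics over a handful of constructed SSH and firewall log lines. The log format, the field names, and the thresholds (five failures, six distinct ports) are assumptions chosen for illustration, not values from the study.

```python
"""Toy detector for the two most common attack classes named in the article:
brute-force credential guessing and port/service reconnaissance.
Added example with constructed sample data; thresholds are illustrative."""
import re
from collections import defaultdict

# Constructed sample log lines (not from the Alert Logic study).
# RFC 5737 documentation addresses are used for all IPs.
SAMPLE_LOGS = """\
2012-09-14T20:01:02 sshd auth_fail src=203.0.113.9 user=root
2012-09-14T20:01:03 sshd auth_fail src=203.0.113.9 user=admin
2012-09-14T20:01:04 sshd auth_fail src=203.0.113.9 user=oracle
2012-09-14T20:01:05 sshd auth_fail src=203.0.113.9 user=test
2012-09-14T20:01:06 sshd auth_fail src=203.0.113.9 user=guest
2012-09-14T20:01:07 sshd auth_fail src=203.0.113.9 user=postgres
2012-09-14T20:02:10 sshd auth_ok src=198.51.100.4 user=alice
2012-09-14T20:05:00 fw conn src=192.0.2.77 dst=10.0.0.5 dport=21
2012-09-14T20:05:00 fw conn src=192.0.2.77 dst=10.0.0.5 dport=22
2012-09-14T20:05:00 fw conn src=192.0.2.77 dst=10.0.0.5 dport=23
2012-09-14T20:05:01 fw conn src=192.0.2.77 dst=10.0.0.5 dport=25
2012-09-14T20:05:01 fw conn src=192.0.2.77 dst=10.0.0.5 dport=80
2012-09-14T20:05:01 fw conn src=192.0.2.77 dst=10.0.0.5 dport=443
2012-09-14T20:05:02 fw conn src=192.0.2.77 dst=10.0.0.5 dport=3389
2012-09-14T20:05:02 fw conn src=192.0.2.77 dst=10.0.0.5 dport=8080
2012-09-14T20:06:00 fw conn src=198.51.100.4 dst=10.0.0.5 dport=443
2012-09-14T20:06:01 fw conn src=198.51.100.4 dst=10.0.0.5 dport=443
"""

# Assumed log formats: one line per failed SSH login, one per firewall connection.
AUTH_FAIL_RE = re.compile(r"sshd auth_fail src=(\S+) user=(\S+)")
CONN_RE = re.compile(r"fw conn src=(\S+) dst=(\S+) dport=(\d+)")


def classify(log_text, fail_threshold=5, port_threshold=6):
    """Return {source_ip: [(label, evidence), ...]} for sources that meet
    either heuristic. Sources below both thresholds are not reported."""
    failures = defaultdict(int)          # src -> number of failed logins
    usernames = defaultdict(set)         # src -> distinct usernames tried
    ports = defaultdict(set)             # (src, dst) -> distinct destination ports

    for line in log_text.splitlines():
        m = AUTH_FAIL_RE.search(line)
        if m:
            src, user = m.groups()
            failures[src] += 1
            usernames[src].add(user)
            continue
        m = CONN_RE.search(line)
        if m:
            src, dst, dport = m.groups()
            ports[(src, dst)].add(int(dport))

    findings = {}
    # Brute force: many failures from one source; the username spread is
    # reported because guessing across accounts is typical of the toolkits
    # the article describes.
    for src, count in failures.items():
        if count >= fail_threshold:
            findings.setdefault(src, []).append(
                ("brute_force",
                 f"{count} failed logins, {len(usernames[src])} distinct usernames"))
    # Reconnaissance: one source probing many distinct ports on one host.
    for (src, dst), dports in ports.items():
        if len(dports) >= port_threshold:
            findings.setdefault(src, []).append(
                ("reconnaissance", f"{len(dports)} distinct ports on {dst}"))
    return findings


if __name__ == "__main__":
    for src, hits in classify(SAMPLE_LOGS).items():
        for label, evidence in hits:
            print(f"{src}: {label} ({evidence})")
```

The point of keeping the two heuristics separate is that they map onto the article's two environment profiles: the brute-force rule is the one an on-premises team would expect to fire most often, while the port-spread rule is the one a server-heavy service provider would tune first. Both thresholds are deliberately exposed as parameters because the right values depend on the size and normal behaviour of the environment being monitored.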

The number three on-premises threat came from intrusive malware and botnets, such as the Conficker and Zeus bots that try to take command of desktop communications. Thirty-six percent of on-premises customers had experienced such attacks, compared to only 4% of service providers.

Vashi said the number of security incidents in each environment led Alert Logic to conclude there was little security advantage to one over the other. Rather, the different types of attack experienced match the different profiles of service providers and on-premises data centers. The service provider is a server-dominated environment with few end users but relatively rich in application targets, leading to more reconnaissance attacks. The large number of end users in on-premises environments leads to more attempts to crack desktops through Trojan horses, bots, and other malware.

Vashi said IT staffs in both types of environments attempt to keep the environment protected from outside threats, but he gave an edge to service providers, whose task may be somewhat simpler and directly tied to their survival as a business. They tend to supervise large sets of similar servers, running identical or a few closely related operating systems. "The difference is a smaller IT footprint and attack surface," he said. Service providers in some instances are rigorously implementing best security practices, due to the exposed nature of their business.

On-premises IT has a more complicated task of keeping a wide variety of operating systems and applications up to date with patches and may have more points of entry as IT tries to adapt to the many types of computers and handheld devices that it is trying to support. On-premises sites are more likely to have a misconfigured system running somewhere that has (at least momentarily) been lost track of.

"While there are many factors to weigh when deciding whether to move infrastructure to the cloud, an assumption of insecurity should not be among them," the study concluded.

 

Comments
Cryptodd, User Rank: Moderator
9/18/2012 | 11:20:45 PM
re: Cloud Services Face Different Security Threats
This survey certainly illustrates some interesting differences regarding the challenges of securing on-premise versus cloud environments -- especially the preponderance of desktop attacks against enterprises and application/infrastructure attacks against cloud providers. Obviously, these strategies make sense. One element of the security equation that is common across both environments is "defense in depth" data protection. Applying layers of protection to data, such as access controls, encryption and activity monitoring, is required on-premise and in the cloud.