
The Missing Piece in Cybersecurity: Tools that Go Beyond Issue Detection

by Frederik Bussler, December 8th, 2023

Too Long; Didn't Read

More cybersecurity tools may not be the answer. Teams are drowning in alerts, and a focused approach is needed.

Breaches and cyber attacks dominate headlines today. Hardly a week goes by without news of another massive data leak or ransomware attack bringing a company to its knees. In fact, studies show that the large majority of organizations have experienced cyberattacks. As threats proliferate, organizations invest heavily in security tools and staff.


The average enterprise uses a ridiculous 45 different security solutions and technologies. More tools mean more alerts and more alerts lead to alert fatigue. Unsurprisingly, a survey found that too many tools decrease effectiveness, hindering cybersecurity efforts. Exhausted security teams struggle to separate signal from noise, leading to missed threats and breaches.


This rising tide of alerts threatens to drown security teams. A study by Vectra AI found that security analysts can’t deal with 67% of the daily alerts they receive. Most alerts are false positives and not worth the time.


New cybersecurity vendors like Kivera are pioneering preventative approaches to cloud security. Rather than just detecting threats, Kivera stops misconfigurations before they happen to reduce the number of alerts in the first place. This prevents issues upfront rather than reacting after the fact.

The Root Cause of Most Cloud Breaches

The root cause behind most cloud breaches is misconfigured resources and permissions. Research suggests 99% of cloud security failures will result from customer misconfigurations by 2025. Cloud environments are incredibly complex, with thousands of services and configuration options. Just one mistake can leave an opening for attackers to exploit.


All those misconfigured cloud resources trigger floods of policy violation alerts. But detecting problems after they occur is too late. The damage is already done. Attackers move quickly to take advantage of any slip-up. By the time an alert is triggered, sensitive data may have already been stolen.


That's why forward-thinking organizations are shifting to preventative security controls. The traditional reactive model of detect-alert-respond is simply unsustainable. Prevention stops mistakes and policy violations before they ever happen.

The Limitations of Detection-Focused Tools

Cloud-native security tools on the market today focus heavily on detection and response. These tools are valuable layers of defense but come with inherent limitations:


Cloud security posture management (CSPM) solutions from vendors such as Wiz and Orca continuously monitor cloud configurations and permissions. They identify resources that violate security policies or best practices. But again, problems are only detected after misconfigurations occur.


The latest evolution in cloud security is cloud-native application protection platforms (CNAPP). Companies like Sysdig and Palo Alto Networks provide CNAPPs that combine security tools such as CSPM and CWPP with code scanning for cloud security.


While these platforms embed security in code and templates, they face limitations in infrastructure-as-code scanning, restricted to specific programming languages. Kivera overcomes this by operating at the API level, offering a more universal and adaptable security solution.

CNAPPs, however, still rely heavily on threat detection and response. They aim to identify anomalies in cloud applications and resources, but the gaps that let the attacks in to begin with are not directly addressed.

The Preventative Security Model

The limitations of these detection-focused tools highlight the need for a preventative approach to cloud security. The ideal security model employs a mix of preventative and detective controls, commonly referred to as the “layered security model.”


Preventative controls stop policy violations and misconfigurations before they happen. Rather than reacting to events, preventative controls proactively enforce security requirements within systems. Prevention provides a first line of defense to maintain a strong security posture.


Detective controls then provide a second line of defense to identify threats that make it past the preventative line. Detective controls are still vital for monitoring, investigation, and incident response. Historically, it has been hard to apply the checks that detective controls perform before a resource exists rather than after, but new tools now enforce these common detective checks preventively, enhancing overall security posture.

Why We Need Preventative Cloud Security

This is where preventative approaches to cloud security become essential. Adopting such methods involves deploying inline security measures between users and the cloud.


As deployment requests are made, these security systems analyze them against configured security policies. Any requests that violate these policies are immediately blocked, ensuring that only compliant resources are created. This approach emphasizes prevention over detection, eliminating the flood of policy violation alerts by avoiding misconfigurations in the first place. Security teams can then concentrate on real incidents rather than addressing misconfiguration.
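To make the inline model concrete, here is an added example (not code from the article or from any vendor it mentions) of a guardrail evaluator sitting between a user and a cloud API. Each deployment request is checked against a set of policy rules before it would be forwarded, and any violation blocks it; the same rules are then replayed over an inventory of existing resources, which is the detective counterpart described in the layered-model section above. The request shape, the rule set, and the AWS-style action names are assumptions chosen for illustration.

```python
"""Inline, prevent-first policy enforcement for cloud API requests.

Constructed example: a request is evaluated against guardrail rules BEFORE
it reaches the cloud provider. Any violation blocks it, so the resource is
never created and no posture alert is ever raised for it. The same rules
double as a detective control when replayed over existing resources.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

ADMIN_PORTS = {22, 3389}  # SSH and RDP; constructed choice for this example


@dataclass
class Request:
    """A normalized cloud API call as an inline proxy would see it (assumed shape)."""
    service: str
    action: str
    params: Dict = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    violations: List[str]  # human-readable reasons; empty when allowed


Rule = Callable[[Request], Optional[str]]


def no_public_bucket_acl(req: Request) -> Optional[str]:
    """Block bucket creation or ACL changes that make a bucket world-readable."""
    if req.service == "s3" and req.action in {"CreateBucket", "PutBucketAcl"}:
        if req.params.get("ACL") in {"public-read", "public-read-write"}:
            return f"{req.action}: public ACL {req.params['ACL']!r} is not permitted"
    return None


def no_open_admin_ports(req: Request) -> Optional[str]:
    """Block security-group ingress from 0.0.0.0/0 that covers SSH or RDP."""
    if req.service == "ec2" and req.action == "AuthorizeSecurityGroupIngress":
        for perm in req.params.get("IpPermissions", []):
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            world = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
            if world and any(lo <= p <= hi for p in ADMIN_PORTS):
                return f"AuthorizeSecurityGroupIngress: ports {lo}-{hi} open to 0.0.0.0/0"
    return None


def volumes_must_be_encrypted(req: Request) -> Optional[str]:
    """Block creation of unencrypted block storage."""
    if req.service == "ec2" and req.action == "CreateVolume":
        if not req.params.get("Encrypted", False):
            return "CreateVolume: Encrypted must be true"
    return None


RULES: List[Rule] = [no_public_bucket_acl, no_open_admin_ports, volumes_must_be_encrypted]


def evaluate(req: Request, rules: List[Rule] = RULES) -> Decision:
    """Preventative control: run every rule; any violation blocks the request."""
    violations = [v for v in (rule(req) for rule in rules) if v]
    return Decision(allowed=not violations, violations=violations)


def audit_inventory(inventory: List[Tuple[str, Request]],
                    rules: List[Rule] = RULES) -> List[Tuple[str, str]]:
    """Detective control: replay the same rules over existing resources, each
    expressed as the request that would (re)create it, and return findings."""
    findings: List[Tuple[str, str]] = []
    for resource_id, req in inventory:
        for v in evaluate(req, rules).violations:
            findings.append((resource_id, v))
    return findings


# Constructed sample traffic an inline proxy might see.
SAMPLE_REQUESTS = [
    Request("s3", "CreateBucket", {"Bucket": "reports", "ACL": "public-read"}),
    Request("s3", "CreateBucket", {"Bucket": "reports", "ACL": "private"}),
    Request("ec2", "AuthorizeSecurityGroupIngress", {
        "GroupId": "sg-example",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}),
    Request("ec2", "CreateVolume", {"Size": 100, "Encrypted": True}),
]


def enforce_all(requests=SAMPLE_REQUESTS):
    """Split requests into (allowed, blocked); a proxy forwards only the first list."""
    allowed = [r for r in requests if evaluate(r).allowed]
    blocked = [r for r in requests if not evaluate(r).allowed]
    return allowed, blocked


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        d = evaluate(req)
        print("ALLOW" if d.allowed else "BLOCK", req.service, req.action, d.violations)
```

Running the block prints one ALLOW/BLOCK line per sample request. The point of the design is that `evaluate` and `audit_inventory` share one rule set: a rule written once is enforced inline for new requests and, replayed over inventory, surfaces only the drift that predates the guardrail, which is the residual set of violations the article says should be reviewed to find coverage gaps.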


Vendors like Kivera are at the forefront in this area of cloud security. Kivera's solution allows customers to define flexible guardrails and policies tailored to their organization's needs. It then enforces these policies in real-time as users interact with the cloud, preventing misconfigurations at their source and avoiding reactionary measures after the fact.


Best practices for implementing a prevent-first strategy include phasing in prevention by starting with the highest-risk misconfiguration threats and then incrementally expanding policies. Prevention should also be combined with detection tools for layered defenses to catch novel threats while tuning alerting to focus only on critical issues not prevented outright. Processes and training must align with prevention, emphasizing configuring policies over correcting violations. And any violations that still occur should be regularly reviewed to identify and address gaps in coverage.

The Future of Cloud Security

Today's cloud-first world demands a new approach to security. The volume and pace of threats have rendered traditional reactive models ineffective. Organizations need to prevent threats upfront before damage occurs.


The future of security is prevention combined with detection. Organizations still need layered defenses to catch evolving threats. But prevention must come first to establish a robust security posture.