Managed Security Operations for Cloud Infrastructures and SaaS Applications


Modern enterprises often use hybrid computing architectures that consist of both on-premises and cloud-based resources.

A hybrid architecture makes it easier to conduct business, but it poses new security challenges, because security becomes a shared responsibility between cloud providers and enterprises. Providers are responsible for operational security and service reliability, while cloud customers are responsible for data security and how they use cloud services.

Attackers are well aware of the shared responsibility security model. Today, they increasingly exploit end-user confusion and security oversight, along with innate vulnerabilities in cloud deployments, to attack enterprises that naively believe they’re secure.

Cloud systems, by nature, are especially vulnerable to threats such as unauthorized access and data loss:

| Attack Category | Description/Examples | Cloud Vulnerability |
| --- | --- | --- |
| Unauthorized Access | Malicious login activity for users and admins, admin settings changes, privilege escalations, logins from unusual international locations, phishing and credential theft | Cloud services are designed for access from multiple locations and come with support for multiple devices and operating systems, making them particularly vulnerable to unauthorized access. |
| Data Exfiltration | Data breaches, where attackers attempt to acquire sensitive data, such as personally identifiable information, intellectual property, etc. | Cloud systems enable remote access, data download, and ubiquitous mobility. Third-party API access and OAuth token issues may expose sensitive data. Compromised mobile devices may also result in data loss. |
| Resource Misuse | Cryptocurrency mining, “cryptojacking,” hackers exploiting corporate resources to provide services | Cloud instances are easy to create without authorization and to control remotely. They often lack comprehensive visibility and native alerting. |
| Insider Threat | Human error, accidental data exposure, malicious insiders | Cloud platforms facilitate data mobility. Hybrid architectures rely on multiple platforms, and many cloud services enable easy creation of public-facing links. |

Because of these threats, cloud security is vital to defend hybrid IT ecosystems, and IT professionals need robust cloud security strategies to protect their companies.

It is a mistake, however, to focus on cloud-exclusive solutions. That type of fragmented approach to security prevents centralized monitoring and exposes enterprises to even greater risks. Instead, enterprises need a centralized security monitoring solution that protects them across platforms, whether on-premises or in the cloud.

Arctic Wolf® detects and responds to advanced threats targeting on-premises systems, infrastructure-as-a-service (IaaS) instances in AWS and Azure, and several leading software-as-a-service (SaaS) applications. Every customer gets a dedicated Concierge Security® Team that correlates activity across systems to deliver comprehensive security visibility and rapid threat detection.

Accelerate Monitoring of Your Cloud Services

In addition to monitoring on-premises environments, Arctic Wolf provides comprehensive visibility into use of your IaaS and SaaS applications to detect malicious activity. Arctic Wolf® Managed Cloud Monitoring provides:

  • 24×7 continuous monitoring to ensure business information uploaded to SaaS applications and infrastructure workloads on IaaS services remain safe

  • Single pane of glass across attack surfaces and common incident response framework to centralize monitoring and correlate attacks across network infrastructure and data in cloud, hybrid, and on-premises environments, including SaaS applications, Active Directory, FW/IDPS, endpoints, email, switches, wireless APs, cloud workloads and more

  • Effective low-noise threat detection via the Concierge Security team that sets customized rules to limit false positives from native events and identify threats specific to your environment and business

  • Regulatory compliance for PCI DSS, HIPAA and SOX with expert support and custom and pre-defined reporting

[Figure: Concierge Security Team connected to Arctic Wolf solutions, with secure transport to AW Cloud connectors and on-premises AW sensors]

Gain Visibility into Attacks Targeting Cloud Services

Detect suspicious activity in:

IaaS

Supported Platforms:

  • AWS
  • Azure

Supported Alerts:

  • Suspicious resource usage, access, and deletions
  • Changes to profiles and access
  • Brute-force logins
  • Concurrent access
  • Blacklisted IP sign-in
  • Hijacked admin accounts

SaaS

Supported Platforms:

  • Office 365
  • Salesforce
  • Box
  • G Suite

Supported Alerts:

  • Modified administrator settings
  • Administrator privilege escalation
  • Resources accessed or altered
  • OAuth token and API access changes
  • Group privacy or domain changes
  • SSO configuration changes
  • Anomalous login activity
  • Brute-force logins
  • Concurrent access across geos
  • Compromised mobile device activity
  • DLP violations
  • Changes to file and folder permissions

About Arctic Wolf

Arctic Wolf® is the market leader in security operations. Using the cloud-native Arctic Wolf® Platform, we provide security operations as a concierge service. Highly trained Concierge Security® experts work as an extension of your team to provide 24×7 monitoring, detection, and response, as well as ongoing risk management to proactively protect systems and data while continually strengthening your security posture. For more information about Arctic Wolf, visit arcticwolf.com.


Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.