Ransomware: proactive protection in the cloud 


The Orca Security and AWS guide outlines five key steps organizations can take to better protect against ransomware in the cloud. Businesses should use AWS Backup to create immutable backups of their most important cloud resources and run regular tests.

Ransomware attacks are now also affecting cloud resources. Ransomware prevention in the cloud is therefore indispensable, and it means not only detecting malware but also continuously securing and hardening the cloud environment. The aim is to prevent attackers from being able to reach their goal. Organizations must also ensure they use AWS Backup to create immutable backups of their most critical cloud resources and conduct regular testing.

White paper for CISOs and cloud security professionals

In their new white paper, aimed at CISOs, cloud security professionals, risk management professionals, and DevOps team leaders, Orca Security and Amazon Web Services (AWS) outline five key actions to protect against ransomware in cloud environments. Specifically, the guide highlights how the Orca Security Platform enables enhanced and continuous visibility into AWS resources and services. This applies to Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), Amazon Simple Storage Service (Amazon S3) buckets, AWS Fargate, and AWS Lambda.

Know the most important cloud resources

Ransomware attackers conduct reconnaissance both before and during their attacks, looking for the most sensitive files. Therefore, it is important to know which assets are most critical to the business in order to prioritize hardening those areas and remediating risks. Orca creates a complete inventory of cloud assets in AWS cloud environments and tracks assets as they are added, deleted, paused, or changed. This includes EC2 instances, containers, and Lambda resources, as well as cloud infrastructure resources such as S3 buckets, VPCs, KMS keys, and more.

To determine which assets are business-critical, Orca automatically discovers sensitive data. In addition, customers can label and classify critical assets themselves. The "crown jewels" categories include personal information, secrets, intellectual property, financial information, and other sensitive data.

Detect malware in the cloud workloads

Malware scans are the first line of defense for detecting ransomware. While signature-based scanning for file hashes (signatures) is designed to find known malware, it's important to also use heuristic detection. This enables the detection of polymorphic malware and zero-day threats. For malware detection to be effective and useful, cloud resources must be fully and regularly scanned without impacting performance. However, agent-based solutions are resource-intensive and typically not deployed on all assets, leaving some malware undetected.

Orca's agentless sidescanning technology inspects cloud workloads out-of-band for malware, eliminating the performance impact and operational overhead of agents.

Vulnerabilities in the cloud environment

To protect against potential attacks, security teams must regularly scan their cloud environments for vulnerabilities, including operating systems, workloads, and applications. Orca leverages 20+ data sources to discover and prioritize vulnerabilities across the cloud environment. When scanning for vulnerabilities, Orca extracts all operating system packages, libraries, and programming language libraries such as Java archives, Python packages, Go modules, Ruby gems, PHP packages, and Node.js modules. The platform then gathers library versions and other identifying characteristics to detect any unpatched vulnerabilities. Orca also offers CI/CD integration that enables vulnerability scanning early in the development lifecycle, including infrastructure as code (IaC) and container image scanning.

Identify exploitable IAM misconfigurations

Misconfigurations in identity and access management (IAM), such as overly permissive identities, poor password and login practices, and accidental public exposure, are all critical. Ransomware attackers can exploit these flaws either to break into cloud resources or to move on to other assets.

Orca automatically detects and prioritizes common and suspicious IAM misconfigurations across resources within AWS to meet stringent IAM compliance mandates and improve cloud security posture.

Recognize lateral movement and attack paths

Increasingly sophisticated ransomware attackers are moving towards high-value assets within a network, using vulnerabilities and misconfigurations to achieve their goal. By combining intelligence from the workload (data plane) with AWS metadata (control plane), Orca gains full visibility into a customer's entire AWS cloud system to understand the connection between different assets. The platform detects risks and vulnerabilities that could allow lateral movements in the cloud environment and provides remedial actions to strengthen the security posture.

More at Orca.security

 


About Orca Security

Orca Security delivers out-of-the-box security and compliance for AWS, Azure, and GCP—without the gaps in coverage, alert fatigue, and operational costs of agents or sidecars. Simplify cloud security operations with a single CNAPP platform for workload and data protection, cloud security posture management (CSPM), vulnerability management, and compliance. Orca Security prioritizes risks based on security issue severity, accessibility, and business impact.


 
