The Orca Security and AWS guide outlines five key steps organizations can take to better protect against ransomware in the cloud. Businesses should use AWS Backup to create immutable backups of their most important cloud resources and run regular tests.
Ransomware attacks now also target cloud resources. Ransomware prevention in the cloud is therefore indispensable, and it consists not only of detecting malware but also of continuously securing and hardening the cloud environment so that attackers cannot reach their goal. Organizations must also use AWS Backup to create immutable backups of their most critical cloud resources and test those backups regularly.
White paper for CISOs and cloud security professionals
In their new white paper, aimed at CISOs, cloud security professionals, risk management professionals, and DevOps team leaders, Orca Security and Amazon Web Services (AWS) outline five key actions to protect against ransomware in cloud environments. Specifically, the guide highlights how the Orca Security Platform enables enhanced and continuous visibility into AWS resources and services. This applies to Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), Amazon Simple Storage Service (Amazon S3) buckets, AWS Fargate, and AWS Lambda.
Know the most important cloud resources
Ransomware attackers conduct reconnaissance both before and during their attacks, looking for the most sensitive files. It is therefore important to know which assets are most critical to the business in order to prioritize hardening those areas and remediating their risks. Orca creates a complete inventory of cloud assets in AWS environments and keeps it current as assets are added, deleted, paused, or changed. This includes EC2 instances, containers, and Lambda functions, as well as cloud infrastructure resources such as S3 buckets, VPCs, KMS keys, and more.
To determine which assets are business-critical, Orca automatically discovers sensitive data. In addition, customers can label and classify critical assets themselves. The "crown jewels" categories include personal information, secrets, intellectual property, financial information, and other sensitive data.
Detect malware in the cloud workloads
Malware scans are the first line of defense for detecting ransomware. Signature-based scanning of file hashes finds known malware, so it is important to also use heuristic detection, which can catch polymorphic malware and zero-day threats. For malware detection to be effective and useful, cloud resources must be scanned completely and regularly without impacting performance. Agent-based solutions, however, are resource-intensive and typically not deployed on all assets, leaving some malware undetected.
Orca's agentless sidescanning technology inspects cloud workloads out-of-band for malware, eliminating the performance impact and operational overhead of agents.
Vulnerabilities in the cloud environment
To protect against potential attacks, security teams must regularly scan their cloud environments for vulnerabilities, including operating systems, workloads, and applications. Orca leverages 20+ data sources to discover and prioritize vulnerabilities across the cloud environment. When scanning for vulnerabilities, Orca extracts all operating system packages, libraries, and programming language libraries such as Java archives, Python packages, Go modules, Ruby gems, PHP packages, and Node.js modules. The platform then gathers library versions and other identifying characteristics to detect any unpatched vulnerabilities. Orca also offers CI/CD integration that enables vulnerability scanning early in the development lifecycle, including infrastructure as code (IaC) and container image scanning.
Identify exploitable IAM misconfigurations
Misconfigurations in identity and access management (IAM), such as overly permissive identities, poor password and login practices, and accidental public exposure, are all critical. Ransomware attackers can exploit these flaws either to break into cloud resources or to move laterally from a compromised resource to other assets.
Orca automatically detects and prioritizes common and suspicious IAM misconfigurations across resources within AWS to meet stringent IAM compliance mandates and improve cloud security posture.
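To illustrate the kind of IAM misconfiguration the guide refers to, the following Python script (an added example, not Orca's code and not part of the white paper) scans two constructed policy documents for wildcard actions, wildcard resources, and public principals; the bucket name and statements are invented for the example.

```python
import json

# Constructed sample policies for the example: an identity policy that is
# overly permissive, and an S3 bucket policy that is accidentally public.
IDENTITY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})
BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})


def _as_list(value):
    # IAM allows a single string or a list in most fields; normalise to a list.
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    # "*" or {"AWS": "*"} grants access to anyone, including anonymous callers.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def find_iam_risks(policy_json):
    """Return (statement_index, finding) tuples for risky Allow statements."""
    findings = []
    statements = _as_list(json.loads(policy_json)["Statement"])
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only restrict access
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions:
            findings.append((i, "wildcard action: grants every API call"))
        if "*" in resources and any(a.endswith("*") for a in actions):
            findings.append((i, "wildcard resource with broad action"))
        if _is_public(stmt.get("Principal")):
            findings.append((i, "public principal: accidental public exposure"))
    return findings


if __name__ == "__main__":
    for name, policy in (("identity", IDENTITY_POLICY), ("bucket", BUCKET_POLICY)):
        for idx, finding in find_iam_risks(policy):
            print(f"{name} policy, statement {idx}: {finding}")
```

A real deployment would feed policies pulled from IAM and S3 into this check rather than the constructed ones embedded here.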
Detect lateral movement and attack paths
Increasingly sophisticated ransomware attackers move towards high-value assets within a network, chaining vulnerabilities and misconfigurations to reach their goal. By combining intelligence from the workload (data plane) with AWS metadata (control plane), Orca gains full visibility into a customer's entire AWS cloud environment and understands how the different assets are connected. The platform detects the risks and vulnerabilities that could enable lateral movement in the cloud environment and provides remediation steps to strengthen the security posture.
More at Orca.security
About Orca Security
Orca Security delivers out-of-the-box security and compliance for AWS, Azure, and GCP without the gaps in coverage, alert fatigue, and operational costs of agents or sidecars. It simplifies cloud security operations with a single CNAPP platform for workload and data protection, cloud security posture management (CSPM), vulnerability management, and compliance. Orca Security prioritizes risks based on security issue severity, accessibility, and business impact.