Threat and Vulnerability Management tools, logging, monitoring and configuration management. The controls chosen also need to take into account the nature of the environment being protected. For example, in a public cloud environment where we are adopting an Assume Breach mindset, it may be prudent to adopt a BeyondCorp or Zero Trust access model where we no longer trust that whole networks are secure, and instead use authentication mechanisms to determine the precise resources required by an entity requesting access.
Is always assuming a breach overly cautious? In 2018, a researcher ran a honeypot instance (see inset) on AWS, and published his results on Kaggle. Beyond the sheer range of attacks observed, there was one key metric that jumped out: there were an average of 99 attacks PER HOUR, not including those automatically absorbed by the AWS infrastructure. Considering that just one attack needs to be successful to wreak havoc, and that, according to the 2018 Cost of a Data Breach Study by IBM Security, the Mean Time to Identify (MTTI) a breach is 197 days, the idea that an environment might already be compromised is actually not that improbable. In this way, adopting an Assume Breach approach in your cloud security practice can not only simplify the decision-making processes, but can also be a prudent step that greatly improves the quality of your security posture.
SUMMER/FALL 2019 | THE DOPPLER | 35