Mitiga Announces $30M Series B Led by SYN Ventures READ THE NEWS

Customers
Why Mitiga
Request a DemoEmergency Assistance
Home
»
Blog Main

Golden Time

In the Army, we defined “Golden Time” not only as the period around sunrise or sunset, but also as the time when the watch changes shift, or when one unit replaces another.

“Golden Time” was always a time when increased vigilance and readiness were imperative because most attacks occur during this time.  

Typically, sunrise and sunset are the times of day when people – whether in the military or in civilian life – tend to be less alert. Such a lapse in alertness can easily happen when one army force replaces another.  

The departing force’s duties and responsibilities are transitioning a new force. They’re tired and ready to leave. The replacements are still getting used to the base; learning more about their new duties and schedules; and can be less attuned to potential danger. Fortunately, experienced command and planning units prepare and execute meticulously to make sure each force turnover happens efficiently, vigilantly, and with the least amount risk.

Risks During Transitions to the Cloud

Similar scenarios play out for many of today’s businesses during digital transformation and in particular, during the transition to the cloud.  

In cloud transitions, the goal is move business processes from an on-premises environment to a cloud-based environment. Inevitably, as the transition progresses, some business processes are fully transferred while others are still in flux. It’s during this period of the turnover that incident response playbooks are no longer relevant.  Reality has changed.  The new environment doesn’t reflect the one the playbook was written for, and the threats to the new digital footprint are not addressed.  

Also, while it is the case that most of the company’s IT/security resources are proficient with the on-prem environment, they most likely will not yet fully understand the new technology within IaaS, PaaS and SaaS, making it very hard to respond efficiently to incidents.  

Additionally, while in transition teams might not have the right event logs connected to the SIEM and/or understand how to correlate between the events to monitor suspicious activity. And given that there will be a lot of duplicated business process on-prem and on-cloud for a period of time, it will be complicated to understand if a breach happened and impossible to track lateral movement as any breach could start on-prem and move to the cloud and vice versa.  

This is the ‘best’ time for attackers to make a move against an organization. Most organizations transitioning to the cloud do it over a year or more, leaving a lot of opportunities for adversaries to act.

What should you do?

Times like cloud transition require extra caution and precise tracking of business processes that are migrating to the cloud. It is necessary to validate if a process still exists on-prem or not. Care must be taken to ensure security settings don’t open new holes and breaches. Information (logs) being saved and monitored must be validated for completeness, so that when something happens, there is enough to run an investigation. Training and evaluation is essential to ensure that cloud security and hybrid incident response skills are present in the organization and among suppliers. This is vital now more than ever before since it is very hard to hire new resources with cloud security knowledge.  

What are the top five new security challenges in cloud environments?

LAST UPDATED:

May 3, 2024

Don't miss these stories:

Cyber Trends for 2024: What Security Leaders Should be Executing Next

As we hurtle into this new year, it’s already clear that there is an evolving set of cyber risks that organizations will need to contend with successfully to manage threats and grow their organizational resilience in 2024. Below, I’ll outline three of the biggest ones, sharing recommendations and execution checklists that can help enterprises enhance their threat readiness and elevate security postures as the threat landscape continues to evolve.

How to Protect Your Business From the Most Dangerous Cyberthreats

Ransomware attacks are on the rise, and it now more important then ever to be prepared. Be prepared by having an up-to-date incident response plan. Learn more.

Stop Ransomware Attackers From Getting Paid to Play Double-Extortionware Games

In the past, many companies relied on backups to get back to business quickly if they were attacked. Reliable, secure backups separated from the primary environment made it much more difficult for an attacker to access and encrypt them. That long-standing process no longer deters double-extortionware actors — instead, today’s attackers not only encrypt the data but also exfiltrate it.

SEC Cyber Disclosure Rule FAQ: What Leaders are Asking Us

The U.S. Securities and Exchange Commission (SEC) recently implemented a new rule mandating stringent cybersecurity incident reporting and disclosure requirements for public companies.

Log4Shell - identify vulnerable external-facing workloads in AWS

Cloud-based systems should be thoroughly searched for the new Log4j vulnerability (CVE-2021-44228). But this is a daunting task, since you need to search each and every compute instance, from the biggest EC2 instance to the smallest Lambda function. This is where Mitiga can help.

For Incident Response, Give Peacetime Value a Chance

As an IR vendor, it is important to keep your customers up to date and prepared between breach attempts. Learn how to increase your peacetime value now.