In recent years, Cloud Security Posture Management (CSPM) tools have become increasingly popular, and with good reason. The posture management capabilities a CSPM provides help an organization understand its cloud configuration and catch the misconfigurations that lead to security incidents. The basic idea is that a CSPM continuously checks how securely your cloud environment is configured, so that fewer breaches happen.

Enterprises just starting out with a CSPM or Cloud Native Application Protection Platform (CNAPP) may look to the tool as a silver bullet for anything cloud security related. Yet organizations that have CSPM or CNAPP technology in place still suffer attacks and cloud and SaaS security breaches. The situation is reminiscent of the earliest era of internet security, when everyone had antivirus software, but systems still got malware and still got breached. No preventative control, no matter how robust, can fully eliminate cloud breaches.

CSPM Strengths and Limitations

CSPM platforms are designed to highlight problems, errors, and security risks in an enterprise’s current cloud configurations or workloads. They raise alerts on misconfigurations and, in many cases, remediate the insecure settings they find. These are vital capabilities for any company using the cloud, but they are not the only cloud security capabilities modern enterprises require. When something does happen, a CSPM cannot investigate the full cloud attack lifecycle or help you determine the blast radius: which identities, credentials, and data the attacker actually reached.

Imagine you have a house, with different doors and windows. A CSPM can tell you the material the doors and windows are made of, what condition they’re in, and point out areas that need to be repaired. It can tell you if a faulty lock has left a window open. A CSPM can’t tell you if anyone entered that window—or piece together what happened once they were inside.

In today’s escalating cloud threat landscape, it’s not enough to fix the “faulty lock.” You also have to be able to investigate the threat fully and get answers quickly: Did an incident take place? If so, how did the attacker get in? Where did they go while they were inside? And what did they take?


Bridging the Gap with Context-Informed Threat Analysis

Where CSPMs leave off, at posture checks and check-the-box cloud detection and response, solutions are needed that give teams deep cloud investigation capabilities without requiring deep cloud incident response expertise. Mitiga's solution steps in where CSPM and CNAPP technologies stop.

So, let’s go back to our house metaphor: when a break-in happens, CSPM and CNAPP solutions can’t investigate it. With Mitiga, if your “house” is broken into, we can quickly tell you that the attacker entered through a crack in the window, took the keys from the nightstand, ate all the food in your refrigerator, took your car and drove off.

That's the sort of clarity and context organizations operating in the cloud need. It's simply not enough to only know the state of cloud posture.

Mitiga addresses the gap left by CSPM and CNAPP tools by proactively and continually gathering, retaining and analyzing the cloud application log data an investigation requires, so that when an incident occurs the critical context, including the full scope of compromise, is already available.

But what if the attacker is already inside your house, hiding in the basement or the attic, waiting for the right moment to strike? How would you know whether they are there, and what they plan to do? This is where threat hunting comes in. Threat hunting is the proactive search for signs of malicious activity within your cloud environment before it causes damage or data loss.

By using advanced techniques such as anomaly detection, behavioral analysis, and threat intelligence, Mitiga helps identify and eliminate threats that have evaded your security controls and gone unnoticed. By giving teams knowledge of the tactics, techniques and procedures attackers use, this context-informed threat analysis enables and dramatically accelerates incident response, lowering breach impact.
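To make the investigation and hunting steps above concrete, here is an added example written for this page (it is not Mitiga’s product code) in Python. It reconstructs an attacker’s path from a compromised access key through a second key the attacker minted with it, computes the blast radius from the resources those calls touched, and runs a simple behavioral hunt over CloudTrail-style records. The records are constructed: field names follow the CloudTrail schema, but the principals, key IDs, bucket names and IP addresses are invented.

```python
import json
from collections import defaultdict

# Constructed CloudTrail-like records (field names follow the real schema;
# principals, key IDs, buckets and IPs are invented). One JSON object per line.
# Story: alice's long-lived key is used normally for a day, then from a new IP
# to mint a key for svc-backup, which pulls a finance file and starts an instance.
SAMPLE_LOG = """
{"eventTime":"2024-04-01T08:00:00Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","sourceIPAddress":"203.0.113.10","userIdentity":{"type":"IAMUser","userName":"alice","accessKeyId":"AKIAEXAMPLEALICE1"}}
{"eventTime":"2024-04-01T17:30:00Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","sourceIPAddress":"203.0.113.10","userIdentity":{"type":"IAMUser","userName":"alice","accessKeyId":"AKIAEXAMPLEALICE1"}}
{"eventTime":"2024-04-02T02:14:00Z","eventSource":"sts.amazonaws.com","eventName":"GetCallerIdentity","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser","userName":"alice","accessKeyId":"AKIAEXAMPLEALICE1"}}
{"eventTime":"2024-04-02T02:15:30Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser","userName":"alice","accessKeyId":"AKIAEXAMPLEALICE1"},"requestParameters":{"userName":"svc-backup"},"responseElements":{"accessKey":{"accessKeyId":"AKIAEXAMPLEBACKUP2","userName":"svc-backup","status":"Active"}}}
{"eventTime":"2024-04-02T02:20:00Z","eventSource":"s3.amazonaws.com","eventName":"GetObject","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser","userName":"svc-backup","accessKeyId":"AKIAEXAMPLEBACKUP2"},"requestParameters":{"bucketName":"finance-reports","key":"2024/q1-forecast.xlsx"}}
{"eventTime":"2024-04-02T02:31:00Z","eventSource":"ec2.amazonaws.com","eventName":"RunInstances","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser","userName":"svc-backup","accessKeyId":"AKIAEXAMPLEBACKUP2"},"requestParameters":{"instanceType":"p3.8xlarge","instancesSet":{"items":[{"imageId":"ami-0example"}]}}}
"""

# IAM calls that mint or widen credentials; any of these from a compromised
# principal is worth a finding on its own.
SENSITIVE_APIS = {"CreateAccessKey", "CreateUser", "CreateLoginProfile",
                  "AttachUserPolicy", "PutUserPolicy", "UpdateAssumeRolePolicy"}

def parse_events(raw):
    """One JSON record per line. eventTime is ISO-8601 UTC, so string order is time order."""
    events = [json.loads(line) for line in raw.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["eventTime"])

def key_of(event):
    return event["userIdentity"].get("accessKeyId")

def credential_chain(events):
    """Map each access key minted by iam:CreateAccessKey to the key that minted it."""
    parents = {}
    for e in events:
        if e["eventName"] == "CreateAccessKey" and e.get("responseElements"):
            parents[e["responseElements"]["accessKey"]["accessKeyId"]] = key_of(e)
    return parents

def keys_downstream(seed_key, parents):
    """The seed key plus every key transitively created from it."""
    found = {seed_key}
    while True:
        new = {child for child, parent in parents.items() if parent in found} - found
        if not new:
            return found
        found |= new

def attacker_timeline(events, seed_key, since):
    """Every event at or after `since` performed with the seed key or a key derived from it."""
    keys = keys_downstream(seed_key, credential_chain(events))
    return [e for e in events if key_of(e) in keys and e["eventTime"] >= since]

def blast_radius(timeline):
    """Resources the timeline touched, in a form you can hand to an asset owner."""
    touched = set()
    for e in timeline:
        p = e.get("requestParameters") or {}
        if "bucketName" in p:
            touched.add("s3://%s/%s" % (p["bucketName"], p.get("key", "")))
        if "userName" in p:
            touched.add("iam:user/%s" % p["userName"])
        if e["eventName"] == "RunInstances":
            touched.add("ec2:RunInstances:%s" % p.get("instanceType", "unknown"))
    return touched

def hunt(events, baseline_end):
    """Behavioral hunt: learn each key's source IPs before `baseline_end`, then flag
    known keys used from a new IP, keys never seen in the baseline, and sensitive
    IAM calls. Returns (eventTime, finding, accessKeyId, detail) tuples."""
    seen_ips = defaultdict(set)
    for e in events:
        if e["eventTime"] < baseline_end:
            seen_ips[key_of(e)].add(e["sourceIPAddress"])
    findings = []
    for e in events:
        if e["eventTime"] < baseline_end:
            continue
        key, ip = key_of(e), e["sourceIPAddress"]
        if key not in seen_ips:
            findings.append((e["eventTime"], "first-seen-key", key, ip))
        elif ip not in seen_ips[key]:
            findings.append((e["eventTime"], "new-source-ip", key, ip))
        if e["eventName"] in SENSITIVE_APIS:
            findings.append((e["eventTime"], "sensitive-api", key, e["eventName"]))
    return findings

if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for f in hunt(events, baseline_end="2024-04-02T00:00:00Z"):
        print("HUNT ", *f)
    path = attacker_timeline(events, "AKIAEXAMPLEALICE1", since="2024-04-02T00:00:00Z")
    for e in path:
        print("PATH ", e["eventTime"], e["userIdentity"]["userName"], e["eventName"], e["sourceIPAddress"])
    print("BLAST", sorted(blast_radius(path)))
```

Run it directly to print the hunt findings, the attacker’s path, and the blast radius. Two design points matter here. The credential chain is built from the `responseElements` of `CreateAccessKey`: without linking the minted key back to its creator, the second half of the timeline looks like an unrelated principal and the blast radius is undercounted. And the hunt learns its baseline per access key rather than per user, because a stolen long-lived key is typically used by the legitimate owner and the attacker at the same time, and only the key-level view separates the two.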

Users of CSPM tools understand well the importance of finding and fixing misconfigurations and vulnerabilities. Now it’s time for enterprises to close the gap in their cloud investigation capabilities. Mitiga can help.

LAST UPDATED:

April 23, 2024

