The internet is becoming an increasingly hostile place. The abundance of insecure IoT devices has made it easier than ever for bad actors to perform malicious actions without exposing their true source. As a result, the sheer volume of scanners and auto exploit kits in use practically guarantees that if a service comes up online, it will come under attack.
To illustrate the challenges businesses face, we teamed with a third-party firm to conduct our own Honeypot research aimed at finding out exactly what can happen – and how quickly – if a small healthcare business were to operate in three different scenarios: without any security controls, with minimum cloud-native security controls, and with Armor Anywhere deployed on the environment. Here is some of what was uncovered in the span of roughly three months:
- 10,000+ scans and attempted targeting actions against the network, starting in under 3 minutes
- Hundreds of attempts to move deeper into the system, mainly via brute force and shell shoveling
- Approximately three focused exploits per day per instance
This malicious activity means that even a small misconfiguration or insecure application can quickly lead to a compromise by an opportunistic attacker. For small and midsized businesses (SMBs), this presents an interesting problem: business applications need to be set up and functioning properly, but also protected and monitored to minimize the likelihood of a potentially embarrassing or costly breach. While many businesses have IT teams, in many instances they are already pushed to capacity with day-to-day administration and support duties. The initial instinct for solving this problem is to build out a dedicated security team and, for very large companies, an entire security operations center (SOC). While this may have been feasible in the past for those with large budgets, there are some pressing issues in implementing such a DIY solution today.
First, building out a SOC is pricey. Before even considering the budget for staffing, you must consider the cost of equipment, factoring in licensing for endpoint protection, log aggregation systems, network monitoring systems and deployment of a SIEM. Second, there is a well-recognized shortage of security professionals available to staff such a team. Recent forecasts by ISACA predict a global shortfall of two million cyber security professionals by 2019. Lastly, money and personnel permitting, a SOC is still a costly endeavor in terms of time. It takes time to install and configure equipment, train personnel, and tune sensors to facilitate daily operations. Even once all of this is done, there is still the required upkeep and maintenance of all these various systems and components to consider as a required investment from a business.
Further compounding the problem of cloud security is the fact that cloud and security can each be difficult topics for a business to figure out initially; trying to do both at once may be overwhelming. It was to address these issues that Armor came into being. Our security solutions provide an easy and cost-effective method for SMBs to get all the benefits of a SOC, at the click of a button, on their cloud resources, whether hosted with us or with a third-party provider. And the Honeypot results prove it:
- Armor Anywhere identified traffic from malicious attacker IPs, and provided actionable information to the customer
- Armor Anywhere found 13 vulnerabilities within the server due to an unpatched version
- With Armor Anywhere, the small healthcare organization had visibility into their environment with Armor security experts identifying threats and providing guidance on how to remediate in real time
In choosing Armor, businesses receive 24/7/365 managed cloud security – no matter the environment – from experts who hold a combined 60 cyber security certifications and who managed more than 4,800 security incidents and analyzed more than 771 billion logs in 2016. Now that’s what we call experience. Additionally, Armor takes the complex security situation and distills it down to easily digestible and actionable information via the Armor Management Portal. By providing regular vulnerability reporting, system patch status and security event notifications, SMBs can easily maintain a pulse across their cloud resources and know where to prioritize IT resources. With Armor, the burden of maintaining and orchestrating the entire security stack is handled by our dedicated and trained staff, freeing up our customers' time to focus on other business priorities.
Download the HoneyPot research and findings at: Cloud Security: The Honeypot Project.