Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More

Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Cloudy with a Chance of Hackers: Protecting Critical Cloud Workloads

If you've been following along with David's posts, you'll have noticed a structure to the topics: Part I: The Plan, Part II: The Execution and now we move into Part III: Security Operations. Things get a bit more exciting at this point as we discuss topics to detect, delay and mitigate active cyber threats. The planning and delivery of our security solutions are about to pay off!

For many enterprises, cloud resources are becoming the data center's core. As these resources grow, it can be difficult for IT staff to keep up with daily administrative tasks, let alone learn the skills to provide security protections. So, how does one protect a variety of workloads in the cloud without having to worry about security misconfigurations?

 

Introducing Cloud Workload Protection Platforms

A Cloud Workload Protection Platform, or CWPP, is a service that provides a set of protections for resource types, such as virtual machines, containers, or databases. CWPPs can make the administrator's job easier by providing them with an easy button for protecting cloud workloads.

 

Workload Protection Examples

Here are some CWPP examples and a brief description of what protections they provide:

table a
Image 1: CWPP examples and a brief description of their protections.

 

Building a workload protection framework

A CWPP can often be used independently, but it’s usually operated within the framework of other services. Some common components in a workload protection framework include:

  • CSPM – Cloud Security Posture Management
  • CWPP – Cloud Workload Protection Platform
  • DevSecOps – Security Operations as it relates to application development
  • SIEM – Security Information and Event Management

Note: Microsoft refers to their CSPM + CWPP as a CNAPP – Cloud Native Application Protection Platform.

 

Image 1 A workload protection framework example. Courtesy Microsoft
Image 2: A workload protection framework example. Courtesy: Microsoft

 

Challenges with multi-cloud architectures and CWPP

Workload protection service offerings from vendors will vary greatly. Don’t depend on vendors to understand every unique workload requirement. Develop a CWPP framework that matches your organization’s needs. Here are a few common challenges to consider:

Integration Complexity
Each cloud provider may offer a unique set of APIs, services, and management tools. Integrating a CWPP across multiple cloud environments requires deep knowledge of each platform to ensure security controls are properly implemented and maintained.

Inconsistent Security Controls
Cloud vendors often have different security controls and capabilities. This inconsistency can lead to gaps in security posture when applying a uniform security strategy across multiple clouds.

Complex Threat Landscape
A multi-cloud environment expands the attack surface, introducing complex security threats that can vary from one cloud to another. Keeping up with evolving threats and adapting CWPP configurations accordingly across different clouds requires continuous effort and expertise.

Cost Management
Deploying and managing CWPPs across clouds can be costly. Organizations must carefully consider the costs associated with licensing, operations, and any additional services required to maintain security across different platforms.

Skill Gaps
There is often a shortage of skilled security professionals who are proficient in managing and securing workloads across one or multiple cloud platforms. This skill gap can lead to misconfigurations and potential security vulnerabilities.

 

Summary

Cloud administrators often know little about the applications being used. Workload protections, such as CWPP, can make security much less complicated. It’s important to graduate into the use of CWPP in a phased approach as needed for your organization.

References
Microsoft Defender for Cloud | Microsoft Security

About This Blog Series
Follow the full series here: Building Defenses with Modern Security Solutions

This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.

Labs
For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.

Compliance
All topics mentioned in this series have been mapped to several compliance controls here.

About the Author

David Broggy is Senior Solutions Architect, Implementation Services at Trustwave with over 21 years of experience. He holds multiple security certifications and won Microsoft's Most Valuable Professional (MVP) Award for Azure Security. Follow David on LinkedIn.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo