The most recent Alert Logic Cloud Security Report was delivered last week. We’ve been issuing these reports since 2012 using data from our many customers – cloud and otherwise. Analyzing the data tells us a lot about security trends in general, as well as how security threats differ in the cloud versus on-premises environments. We make the report available so that our customers, partners and other interested parties can learn what’s happening and better protect themselves.
On May 15, we’re co-hosting a webinar with HOSTING. Our Chief Security Evangelist, Stephen Coty, will join Eric Hutts, Vice President of Strategic Accounts at HOSTING, to discuss details from the report and cover best practices for cloud security. Everyone is welcome! Please register today and join us on May 15.
I’d like to preview a few of the results for you here. Before I do that, here are a few details about the data:
- The data comes from real-world security incidents captured by our intrusion detection system (IDS). Noise and false positives are corrected by our patented correlation engine as well as our Security Operations Center analyst team, who review each incident to ensure validity.
- This report is based on 232,364 verified security incidents, identified from more than one billion events observed between April 1 and September 30, 2013.
- The customer set includes 2,212 organizations across multiple industries, located primarily in North America and Western Europe.
- Cloud hosted provider environments account for 80% of the customers. The remaining 20% represent on-premises datacenters.
- For this report, we also deployed honeypots in public cloud infrastructures around the world in order to observe the types and frequencies of attacks, and how the attacks vary geographically.
The Cloud Security Report Results
With all this data, we were able to collect a lot of interesting results. Again, you can download the report or tune into the webinar for all the details, but here are a few things that I found particularly interesting:
- Cloud and on-premises attacks are looking more and more similar. With one exception, attacks of all types are increasing in both cloud and on-premises environments. That’s likely not a surprise to anyone. What was surprising was the data showing that many traditional on-premises threats are now showing up more frequently in cloud environments. For example, malware and botnet attacks, historically the most common attacks in the on-premises datacenter, are on the rise in cloud environments.
- There are still noticeable differences between cloud and on-premises threats. Web application attacks are still more pronounced in cloud environments (44% affected) than on-premises (31% affected). And while malware/botnet attacks are most prominent in on-premises environments (56%), they represent just 11% of the attacks in cloud environments.
- Honeypot networks are a great source of information. Our honeypot data was interesting too. In our global honeypot network, we saw the highest volume of attacks in Europe. (I would have expected North America to be the bigger target.) Most surprising was looking at malware collected by our network. Fourteen percent of the malware collected was considered undetectable by 51 of the world’s top antivirus vendors. Surprising and also scary. Antivirus is important, but this data shows that antivirus probably isn’t enough to be totally secure.
So what should you make of this data? An obvious observation is that, given that attacks are increasing in every environment, you should have a security plan for every environment. Don’t expect on-premises or the cloud to be more or less secure than the other environment – just expect that attacks will occur in both and expect the types of attacks to vary. Implement the tools and processes you need to be secure. There’s much more you can do, of course, and Stephen and Eric will share some good insight and ideas, so hopefully we’ll see you at our Alert Logic and HOSTING webinar in May.