Avatar

Cloud transformation has given rise to a new era of business innovation and growth. According to Enterprise Strategy Group, more than half of production workloads will be running on public cloud infrastructure within the next two years, positioning cloud computing center-stage as the best practice for solving critical business issues and enabling agility. However, the unforeseen by-product of this evolution is complexity, and complexity is the enemy of security.

Decentralized IT infrastructure, expanding attack surfaces, and a lack of visibility and control have made it more difficult than ever to secure enterprise workloads in the cloud. Organizations need to employ a holistic security approach that targets the entire threat chain from initial access to external connectivity and data exfiltration.

The importance of egress security in today’s multicloud world

Today’s threat actors operate under a variety of motives. They may attempt to steal customer information or other proprietary data. They may hijack IT resources for nefarious use. They may take control over critical systems in an attempt to disrupt operations or extract a ransom payment. And they may do several of these things, together, all at once.

The point is—attacks do not stop when the initial breach is made, or the final target has been compromised. Once inside, threat actors or their malicious applications often have to connect with external systems or networks outside the organization to communicate critical telemetry and counterintelligence information and, eventually, extract data. Making things more difficult is the fact that sometimes the threats can communicate with trusted websites or platforms such as GitHub to deliver malware. However, this communication is an opportunity for security teams to detect, identify, and stop malicious activity before real damage has been done.

Egress security often acts as the last line of defense before workloads reach the public Internet or other unauthorized networks. Egress security was rarely an issue when everything sat in a hardened data center behind robust firewalls and applications rarely tried to communicate with outside entities on the public Internet. But what happens when your entire business model relies on continuous, ubiquitous connectivity to tens of thousands of distributed endpoints, web applications, and Software as a Service (SaaS) platforms across multiple public and private cloud environments? Suddenly, egress security gets very real and very complicated.

Unfortunately, existing multicloud security solutions were designed for a world that doesn’t exist anymore and haven’t kept up with the acceleration of cloud transformation. Ensuring data loss prevention (DLP) policies are applied appropriately and consistently across multiple cloud environments is virtually impossible, requiring manual intervention and control using a variety of tools and solutions. Teams across the organization are left on their own for harmonizing the delicate balance between securing users and applications, connecting correct users to the correct applications across multicloud environments, and securely mitigating complexity as they scale. They often have to deploy multiple management consoles and policy management tools while adding yet another tool for log analytics. This multi-tool approach creates disparity, complexity, and confusion—leading to higher risk and cost for organizations. Some organizations use homegrown solutions to consolidate this tool sprawl, but these require manual configuration and updates every time a new cloud provider is added – contributing to uncontrollable tech debt.

Specifically, tool sprawl leads to unwieldy change control processes that are magnified by dynamic environments that limit business agility. This is creating friction between NetOps, SecOps, and cloud teams who find themselves working in silos, separate from each other, the opposite of harmony. The inability to work cohesively is making it hard to achieve high availability, scalability, and resilience in cloud infrastructure.

Cisco Multicloud Defense simplifies egress security

Cisco Multicloud Defense helps security teams gain multidirectional protection across multiple clouds and workloads to block inbound attacks, prevent lateral movement and stop data exfiltration – and it allows you to do this all from a single SaaS platform. Cisco Multicloud Defense alleviates security complexity across public and private cloud environments with consistent policy controls and deep visibility into workloads – including potentially-malicious and unauthorized traffic flowing out of the network such as command and control communications and data exfiltration. Just as critical, security teams can be assured that policies are being applied appropriately and consistently across multiple cloud environments through tag-based policies.

Cisco Multicloud Defense enables egress security through advanced domain and URL filtering capabilities combined with DLP. Working together in a single solution provides unparalleled visibility into all cloud workloads, allowing organizations to automatically detect and analyze outbound communications, identify malicious intent and risk, and block unauthorized connectivity and data exfiltration.

Command & Control: Threat actors need to communicate back to an owned server to confirm a breach, receive further instructions and control affected systems. Cisco Multicloud Defense uses artificial intelligence (AI) and machine learning (ML) to identify these unauthorized communications, alert security teams of the breach, and automatically apply policies that severe connectivity.

Data exfiltration: Traditional DLP solutions rely on several technologies to identify and block critical data flowing out of the organization. Cisco Multicloud Defense integrates these DLP capabilities with egress filtering to stop the loss of information before it is too late.

Keeping multicloud environments secure without impacting productivity or agility

Cisco Multicloud Defense provides security throughout the entire threat chain – from initial breach to data exfiltration. Egress security gives organizations the ability to identify suspicious or abnormal behavior that may alter the controlled flow of data inside and outside of the network. However, expanding threat surfaces and IT complexity in today’s environments make it hard to detect, analyze, and eventually stop unauthorized external connectivity and data exfiltration using traditional means. Cisco Multicloud Defense greatly simplifies security across complex environments, ensuring that organizations can take full advantage of the ever-evolving multicloud world.

To learn more about Cisco Multicloud Defense:


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels

Instagram
Facebook
Twitter
LinkedIn



Authors

Vishal Jain

Vice President

Security Business Group Engineering