Gaps in the Cloud Are Letting Hackers Fly Under the Radar

Gigamon, a company that helps secure hybrid cloud infrastructures for Lockheed Martin, Amazon’s AWS, Johns Hopkins Medical Institution, and the Department of Defense, is sounding the alarm that organizations are losing ground in the cybersecurity arms race.

As global cloud architecture evolves and hybrid cloud complexities scale, most attacks fly undetected under the radar, with CISOs alerted too late to breaches.

Techopedia sat with Chaim Mazal, CSO at Gigamon, and other experts to understand why existing security tools are failing, the role of encryption and ransomware in the artificial intelligence era, and how hybrid clouds must adapt.

Key Takeaways

  • Encryption is being exploited by attackers to hide their activities, leaving organizations vulnerable to undetected breaches.
  • Deep observability is essential to gain insights into all dataflows and identify threats proactively.
  • Improved communication and collaboration between IT and security teams are crucial for strengthening cloud security.

The State of Hybrid Cloud Security

On June 18, Gigamon released its annual Hybrid Cloud Security Survey. The report found that one in three organizations was unable to detect a breach in the last 12 months.

Additionally, just 25% were able to respond in real time, revealing a cybersecurity preparedness gap.

Gigamon said the study reveals a decline in detection and response capabilities year-on-year, compared to the company’s 2023 Hybrid Cloud Security report. As hybrid cloud environments grow in complexity, and threat actors launch a barrage of concealed attacks, 65% of respondents believe their existing security tooling cannot detect breaches.

Here is how Chaim Mazal, CSO at Gigamon, summed up the findings in the report before we spoke to him.

“It is clear that organizations’ tool stacks are falling short, enabling threat actors to exploit blind spots to breach and extort their victims without fear of detection.

 

“Consider that just 1 in 4 organizations can detect and remediate a live threat. Without real-time, network-derived intelligence and insights into all data in motion, including East-West [communication between different areas of a data center] and encrypted traffic, bad actors will continue to wreak havoc, now with AI accelerating their efforts.”

The annual survey included insights from over 1,000 security and IT leaders across Australia, France, Germany, Singapore, the U.K., and the U.S.

Attackers Go Undetected Hiding Behind Encryption

Mazal from Gigamon spoke to Techopedia about the report and what specific challenges and vulnerabilities are unique to large hybrid cloud environment operations.

“All cloud traffic is automatically encrypted,” Mazal said.

“Despite encryption’s very purpose to keep data safe, our research has found that 93% of malware hides behind encrypted traffic, enabling cybercriminals to traverse laterally within an organization’s network, often going undetected for weeks or even months waiting for the opportune time to attack.”

Mazal explained that most public breaches in recent news are victims of this type of attack — where threat actors often are found “living off the land” for months or even years.

“While I wasn’t surprised to see the survey report that one in three breaches goes undetected, it is still a very alarming statistic.”

Security teams also face additional factors that aggravate the situation: added pressure from boards, the push to achieve Zero Trust architecture without the resources or skills, an overabundance of solutions, and limited visibility.

“Many of these concerns can be remediated with deep observability — the ability to extract network-derived intelligence and direct it to cloud, security, and observability tools.”

It’s All About Deep Observability

As the saying goes, ‘You cannot protect that which you do not see’. This is the exact problem organizations face every day as their digital hybrid cloud attack surface expands. Most companies are operating in the blind and reacting to incidents.

Despite worldwide spending on security and risk management being projected to total $215 billion in 2024, an increase of 14.3% from 2023, companies still struggle to understand the need for deep observability.

“Hybrid cloud infrastructure continues to evolve, scale, and adapt to facilitate AI deployments, so I expect the danger will only continue to grow,” Mazal from Gigamon told Techopedia.

“Today, 70% of CISOs struggle to gain visibility into encrypted traffic, which as we’ve said is where nearly all malware hides. So gaining complete visibility into both lateral (East-West) and encrypted traffic is paramount for today’s organizations to secure their infrastructure and data.”

Mazal added that internal organizational structures must also adapt to better support security efforts.

Weak technical and organizational links often result in undetected attacks, and much of this comes down to communication and the delineation of ownership between CIOs, CISOs, and their respective teams.

“By reviewing and establishing better internal practices, organizations can reduce gaps in the process, promote full ownership/responsibility, and strengthen overall security posture,” Mazal said.

“Deep observability is powered by high-fidelity data and network telemetry, going beyond MELT (metrics, events, logs, and traces) data, and is crucial for cloud security. It helps detect previously unseen threats, deliver defense in depth, and help with complete performance management.”

Hybrid Cloud Security From A Penetration Tester’s Perspective

The Gigamon Hybrid Cloud Security report found that a majority (85%) of CISOs agree that gaining deep observability into a hybrid cloud infrastructure is crucial for shifting to a proactive mindset and preventing attacks. 

Sam Zarn, Senior Penetration Tester at BPM, an accounting and consulting firm, spoke to Techopedia about modern hybrid cloud environment risks and best practices.

“In large hybrid cloud environments, cybersecurity teams get the worst of both worlds. They face unique complexities from both on-premises and cloud-based resources, rather than a consolidated security horizon for both.”

Administrators must decipher ways to appropriately apply controls across an entire organization, both on-premises and in the cloud, even where pathways to do so may differ significantly.

“These hurdles can lead to increased gaps between desired configurations and actual configurations which hurts vulnerability management,” Zarn said.

“Similarly, the extensive number of unique data sources makes it far more challenging to analyze the appropriate data and draw meaningful conclusions from it, exacerbating the struggle to detect attacks.”

So, how should security teams approach hybrid cloud security today? The answer, according to Zarn, is to strive for visibility, standardization, automation, and policy enforcement.

“Having data in the same form everywhere is key.”

Zarn explained that access to rich log data from the cloud provider through application programming interfaces (APIs) often requires additional licensing but can help security teams enhance visibility by analyzing encrypted traffic in the log data.

Hitachi Vantara Talks AI Hybrid Cloud Security

Octavian Tanase, Chief Product Officer at Hitachi Vantara, a wholly owned subsidiary of Hitachi, spoke to Techopedia about the risks of moving data between on-premises and cloud environments and the need for data strategies.

“A lack of data strategy exposes organizations to heightened cybersecurity vulnerabilities, compliance risks, inefficiencies, and slower operational speeds. Furthermore, there is a potential inability to recognize ransomware attacks while replicating, tiering, or conducting disaster recovery to or from the cloud targets.”

Tanase from Hitachi Vantara said that AI-driven data management solutions, “especially those that target infrastructure and metadata management”, are crucial in today’s hybrid cloud environment.

“By implementing such (AI) solutions, organizations can secure sensitive data and streamline operations.”

Organizations are Unprepared for Today’s Attacks

The Gigamon report, like many other recent surveys, reveals that security teams are not prepared to deal with modern attacks that leverage AI.

Only 25% of organizations were able to remediate a live threat in a recent breach, and when tooling fails, organizations suffer more serious consequences. Deep observability is viewed as central to modern IT success.

Tanase from Hitachi Vantara spoke about AI and the present and future of the threat landscape.

“By 2031, ransomware is projected to strike every two seconds, and with bad actors growing increasingly sophisticated with the use of AI, it’s no wonder security teams struggle to detect attacks.”

Tanase said that security leaders can no longer rely on traditional security measures like firewalls.

“Visibility should be at the epicenter of every organization’s data infrastructure, particularly at a time at which data is growing at an exponential rate.”

The Bottom Line

Traditional security tools are failing to keep up with the growing complexity of hybrid cloud environments and the sophistication of modern attacks. Encryption, once a safeguard, is now being exploited by attackers to hide their activities.

This lack of visibility leaves organizations vulnerable to breaches that go undetected for extended periods. A new approach, deep observability, is gaining ground. By providing insights into all dataflows, including encrypted traffic, deep observability can help security teams proactively identify threats and prevent attacks.

Ray Fernandez
Senior Technology Journalist

Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning, and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.