capsule8

Zero-Day Exploits Are Most Prevalent Attack in Hybrid Cloud Environments

New research conducted by ESG reveals security challenges still top of mind but momentum of container adoption shows no sign of slowing

Brooklyn, NY, Feb. 28, 2018 (GLOBE NEWSWIRE)Capsule8, the pioneer behind real-time attack disruption for cloud-native environments, today released new research exploring trends in hybrid cloud adoption. The study, ESG Research: Trends in Hybrid Cloud Security Survey, was conducted by Enterprise Strategy Group in November 2017 and surveyed 450 IT/information security professionals in North America and Western European on their challenges, readiness, and intentions, of hybrid cloud environments and containers. When asked if an attack took place in their hybrid cloud environments, 42 percent of organizations reported an attack in the last year, with 28 percent pointing to a zero-day exploit as the origin.

Hybrid cloud environments are complex to secure with multiple users accessing multiple environments from multiple locations–which most often leads to hybrid security approaches that are a mix of on-premises and in the cloud, internally owned and outsourced. Meanwhile, infrastructure composition is shifting to cloud-resident workloads and containerized apps, introducing even more complexity. Fifty-six percent of those surveyed have deployed containerized production applications, and 80 percent will have them in production in the next 12-24 months. This container adoption is cannibalizing the use of both bare metal servers and virtual machines, but legacy infrastructure will remain a critical part of the enterprise for years to come, requiring security approaches that can handle both container and legacy environments.

Causes of attacks over the last year range from zero-day attacks on their hybrid cloud environment (28 percent), to exploits that take advantage of known vulnerabilities in unpatched applications (27 percent). In the past year, companies also experienced attacks related to the misuse of a privileged account by an inside employee (26 percent), exploits taking advantage of known vulnerabilities in unpatched OS systems (21 percent), and the misuse of a privileged account via stolen credentials (19 percent). Mis-configured cloud services, workloads, or network security controls that led to a successful compromise by a bad actor were also noted (20 percent) as well as malware that moved laterally and infected a server workload (21 percent).

Many of the concerns and obstacles related to running containers and addressing attacks such as the ones listed above echo those of virtual machine adoption from years past. Most companies will not move entirely over to a cloud-native infrastructure and are hesitant to invest in multiple expensive point solutions to protect their multiple environments. Thirty-five percent of those surveyed noted that their current server workload security solution does not support or offer the same functionality for containers, requiring that they use a separate container security solution adding cost and complexity.

“The challenge of balancing the move to a next-gen infrastructure while also maintaining support for current environments is a huge barrier for a lot of companies investigating containers,” said John Viega, co-founder and CEO, Capsule8. “The security concerns are real and as we’ve seen noted here with the rates of zero-day attacks, as well as recent major vulnerabilities such as Spectre and Meltdown, the ability to control and secure these hybrid environments effectively is critical and one of the main pain points we are trying to address at Capsule8.”

Currently, the vast majority of companies (70 percent) are using separate controls for public cloud-based resources and on-premises VMs and servers, leaving only 30 percent using unified controls. This approach is projected to completely reverse in the next 24 months, with 70 percent focusing on unified controls for all server workload types across public cloud(s) and on-premises resources.

To learn how Capsule8 can help you secure your cloud-native environment and legacy Linux infrastructure, visit www.capsule8.com.

About Capsule8

Founded in fall 2016 and headquartered in Brooklyn, NY, Capsule8 is developing the industry’s first and only real-time attack disruption platform purpose-built for the cloud-native world of Linux, containers and microservices. Founded by experienced hackers and seasoned security entrepreneurs, and funded by Bessemer Venture Partners and ClearSky, Capsule8 is making it possible for Linux-powered enterprises to modernize without compromise. Learn more at www.Capsule8.com.

CloudBuzz

The latest in curated technology related news collected from many of the leading news distribution, industry research and technology vendor firms on the planet.

Here you will find recent news sources from companies such as Reuters, Marketwired, IDC, Gartner or directly from cloud vendors such as Google, Microsoft or Amazon.

Two 2017 Trends From A Galaxy Far, Far Away

Two 2017 Trends From A Galaxy Far, Far Away

Reaching For The Stars People who know me know that I’m a huge Star Wars fan. I recently had the ...
Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a ...
The Economics, Concepts and Fundamentals of Cloud Computing

The Economics, Concepts and Fundamentals of Cloud Computing

Fundamentals of Cloud Computing Addressing security concerns of the Public Cloud Enthusiasm for cloud computing has as much to do ...
Data Analytics and Human Heuristics: How to Avoid Making Poor Decisions

Data Analytics and Human Heuristics: How to Avoid Making Poor Decisions

The “hot hand,” a metaphor applied frequently to the game of basketball, is the idea that a basketball shooter, after ...
The Unintended – and Intended – Consequences of Cloud Data Sovereignty

The Unintended – and Intended – Consequences of Cloud Data Sovereignty

Cloud Data Sovereignty It seems that everything has unintended consequences – whether positive or negative. Intended consequences are those that ...
5 Ways the Cloud and IoT Have Transformed the Transportation Industry

5 Ways the Cloud and IoT Have Transformed the Transportation Industry

IoT Transportation Industry The Internet of Things has caused many industries to evolve - but few more than transportation. Here ...
Exclusive: North American, UK, Asian regulators press EU on data privacy exemption

Exclusive: North American, UK, Asian regulators press EU on data privacy exemption

WASHINGTON/BRUSSELS (Reuters) - Financial watchdogs from North America, Britain and Asia are urgently seeking a formal exemption from the European Union’s tough new data privacy law to avoid hampering cross-border investigations, regulatory officials told Reuters ...
Cisco Announces Intent to Acquire July Systems

Cisco Announces Intent to Acquire July Systems

Today we are announcing our intent to acquire July Systems, a privately-held company headquartered in Burlingame, California with offices in Bangalore, India. We are excited to welcome July Systems and its cloud-based mobile experience and ...
Worldwide Cloud IT Infrastructure Revenues Continue to Grow by Double Digits in the First Quarter of 2018

Worldwide Cloud IT Infrastructure Revenues Continue to Grow by Double Digits in the First Quarter of 2018

FRAMINGHAM, Mass., June 21, 2018 – According to the International Data Corporation (IDC) Worldwide Quarterly Cloud IT Infrastructure Tracker, vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and ...