
The Five Warning Signs Your Cloud Has Been Breached


Written By
ITBE Staff
Oct 15, 2015

With ever-increasing sophistication and frequency of attacks, rapidly detecting signs of breaches and insider activities is critical for any enterprise. According to recent research by IBM and Ponemon Institute, the average cost of a data breach for a company has increased 23 percent over the past two years, costing $3.79 million.

Cloud applications with a black-box approach are particularly challenging for enterprises to secure. Hence, enterprises are constantly looking for breadcrumbs or early warning signs to get ahead of the game. Organizations need to ask themselves, “What are the telltale signs of a threat in the cloud?”

In this slideshow, Palerra has identified the top five key indicators of threats to cloud apps that organizations need to monitor (in no particular order).



Abnormal Outbound Network Traffic

Early detection requires more than monitoring what comes into the network; it is also about seeing what is leaving the network and applications. Unusual traffic patterns leaving a network or exiting an application are among the most telltale signs that something is awry. Compromised systems often call home to command-and-control servers, and IT staff members can catch this traffic pattern before any real damage is done.


Irregular Access Locations and Logins

When a user or program accesses an application from unexpected geographical locations, this is another indicator that an attacker is pulling strings by hopping around different locations. Typically, this type of hopping is done as a masquerade; the attacker is actually stationary. When you combine access from diverse geographical locations with rapid successive logins to your cloud application, this is a marker of pending trouble. A particularly strong indicator of compromise consists of irregular geographical access, rapid successive logins, and outbound network traffic going to a location where your enterprise usually doesn’t conduct business.
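The combination described above (logins from diverse locations in rapid succession) can be checked by computing the travel speed implied by consecutive logins from one account. This is an added example, not code from the article or from Palerra; the event tuple layout, the sample logins and the 900 km/h ceiling are assumptions made for illustration.

```python
import math
from datetime import datetime

# Constructed sample login events: (ISO timestamp, user, latitude, longitude, label)
SAMPLE_LOGINS = [
    ("2015-10-15T09:00:00", "alice", 40.71, -74.01, "New York"),
    ("2015-10-15T09:20:00", "alice", 51.51, -0.13, "London"),
    ("2015-10-15T09:25:00", "alice", 1.35, 103.82, "Singapore"),
    ("2015-10-15T09:00:00", "bob", 37.77, -122.42, "San Francisco"),
    ("2015-10-15T17:30:00", "bob", 37.34, -121.89, "San Jose"),
]

MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruising speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def find_impossible_travel(events, max_kmh=MAX_KMH):
    """Return (user, from_label, to_label, implied_kmh) for each pair of
    consecutive logins by one user that would need travel faster than max_kmh."""
    last_seen, alerts = {}, []
    for ts, user, lat, lon, label in sorted(events, key=lambda e: (e[1], e[0])):
        when = datetime.fromisoformat(ts)
        if user in last_seen:
            p_when, p_lat, p_lon, p_label = last_seen[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600.0
            # Same-instant logins from two different places count as infinite speed.
            speed = km / hours if hours > 0 else (math.inf if km > 0 else 0.0)
            if speed > max_kmh:
                alerts.append((user, p_label, label, speed))
        last_seen[user] = (when, lat, lon, label)
    return alerts


if __name__ == "__main__":
    for user, src, dst, kmh in find_impossible_travel(SAMPLE_LOGINS):
        print(f"{user}: {src} -> {dst} implies {kmh:,.0f} km/h")
```

Geolocation from IP addresses is approximate and corporate VPN egress points can trigger the same pattern, so an alert from this check is a reason to correlate with the other indicators rather than a verdict on its own.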


Large Number of Requests for the Same Objects or Files

One of the most popular attack methods is trial and error. In this case, attackers try a variety of exploits and hope that one of them sticks. For example, if you see a large number of requests for the same file type or permission setting in your IaaS and PaaS clouds that have virtual machines, operating systems and databases, it suggests a need for pause and analysis.


Anomalies in Privileged User or Administrator Activity

The greatest damage to an enterprise comes from privileged users and administrators whose credentials are compromised or misused. Monitoring privileged account holders for atypical activity has become table stakes for cloud applications. To illustrate, think about the power wielded by account administrators for Salesforce, a hosted Exchange system, or Amazon Web Services. Keeping tabs on atypical (or anomalous) activity safeguards against both account takeover and insider misuse.


Excessive Read Operations

Finally, once an account is compromised, exfiltration of information becomes a concern. A spike in file-read requests, application record access, or database read volume signals that a person or a process is trying to gather valuable data. The ability to monitor for exceeded thresholds on reads is a critical element of security monitoring for enterprises.
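One way to monitor for exceeded read thresholds is to give each account its own ceiling derived from its history, so a busy service account and a quiet user are judged against different baselines. This is an added example, not code from the article or from Palerra; the account names, hourly counts, the multiplier `k` and the `floor` value are constructed assumptions.

```python
from statistics import median

# Constructed sample: read operations per hour for each account, oldest first.
# The final value in each list is the hour being evaluated.
HOURLY_READS = {
    "svc-report": [410, 395, 430, 402, 418, 425, 407, 415],
    "jsmith": [12, 9, 15, 11, 14, 10, 13, 480],
    "newhire": [0, 0, 1, 0, 2, 0, 1, 6],
}


def read_threshold(history, k=6.0, floor=50):
    """Per-account ceiling: median + k * MAD of past hours, never below floor.

    MAD (median absolute deviation) is used instead of standard deviation so
    that one earlier spike does not inflate the baseline. The floor keeps
    low-volume accounts from alerting on a handful of reads.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return max(floor, med + k * max(mad, 1.0))


def excessive_readers(hourly, k=6.0, floor=50, min_history=3):
    """Return {account: (current_reads, threshold)} for accounts over their ceiling."""
    alerts = {}
    for account, counts in hourly.items():
        history, current = counts[:-1], counts[-1]
        if len(history) < min_history:
            continue  # not enough data to form a baseline
        limit = read_threshold(history, k, floor)
        if current > limit:
            alerts[account] = (current, limit)
    return alerts


if __name__ == "__main__":
    for account, (reads, limit) in excessive_readers(HOURLY_READS).items():
        print(f"{account}: {reads} reads this hour exceeds threshold {limit:.0f}")
```

A single global threshold would fail on this sample: anything low enough to catch `jsmith` at 480 reads would also fire every hour on `svc-report`, whose normal volume is around 410.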
