Agent-based Security Tools Carry Biases from the Physical World
Before the cloud, we secured physical hosts. That meant spending time installing multiple security agents—one for each server. But at least we were living in a fairly static world. IP addresses were assigned to physical assets and they seldom changed. Even then, as every security veteran knows, agent integration was tedious and coverage rarely reached 100% of assets.
Then the cloud started making virtual what used to be physical. So we used what we had. We took security agents that ran on physical hosts and ran them on virtual machines. But is agent-based security really the wrong approach to securing AWS, Azure, and GCP? Yes, according to a panel of CISOs, including Doug Graham, Drew Daniels, Roger Hale, and Orca Security’s Co-Founder and CEO, Avi Shua. These four cybersecurity experts say cloud security is evolving—and must evolve quickly to meet the needs of organizations with large-scale cloud deployments. Check out their webinar on-demand here, or continue reading the highlights below.
Qubole CSO Drew Daniels Realizes Agents Can’t Provide Full Coverage
Drew Daniels, CSO at Qubole, is familiar with the hassles and complexity of deploying agent-based cloud security solutions. Qubole was ‘born in the cloud’, which makes sense given that it’s the premier cloud-native data platform for self-service AI, machine learning, and analytics.
“In a cloud environment, you’re scaling utilization up and down frequently—possibly thousands of times per hour across multiple clouds—and all within a CI/CD pipeline that builds your infrastructure,” said Daniels. “You have containers and VMs to deal with, and agents can be challenging. Agent-based approaches track hosts and systems by an IP address or network—and that’s not scalable when you’re launching thousands of hosts an hour. The database fills up quickly, making data analysis difficult.”
Daniels noted that new agents have to be tested, evaluated and introduced into the environment, which can take weeks. “That’s fine, as long as the agent isn’t changing too frequently,” he said. “But if the agent is changing once or more per month, it becomes extremely time-consuming, and I have to pay someone on my team to track the agents and their status.”
What’s more, the agent vendor may not provide the code needed to promote the agent from one pipeline stage to the next, leaving the security team to write that code before it can deploy, test and validate the agents.
“The real danger is in forgetting to install an agent on a neglected host or container,” Daniels said. “You end up expecting your security solution to analyze and report on vulnerabilities in that host—but it’s a blind spot. With Orca SideScanning™ technology, you can’t miss any hosts, because the cloud infrastructure itself is aware of all the systems attached to that account.”
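The blind spot Daniels describes can be checked for directly. The script below is an added example, not Orca’s or Qubole’s code: it reconciles the cloud control plane’s asset list with agent check-ins by instance ID, and shows why an IP-keyed agent console misleads when hosts churn and addresses are reused. All records are constructed; the cloud inventory stands in for the output of an API such as EC2 DescribeInstances, the agent records for a vendor console export.

```python
"""Added example (not Orca's or Qubole's code): find hosts the agent-based view
misses. Cloud inventory and agent check-ins below are constructed."""
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for reproducibility
STALE_AFTER = timedelta(hours=1)  # an agent silent longer than this is not providing coverage

# Constructed: what the cloud knows. Instance IDs are authoritative; IPs get reused.
CLOUD_INVENTORY = [
    {"id": "i-0001", "ip": "10.0.1.10"},
    {"id": "i-0002", "ip": "10.0.1.11"},
    {"id": "i-0003", "ip": "10.0.1.12"},  # replaced terminated i-9999 and inherited its IP
    {"id": "i-0004", "ip": "10.0.1.13"},  # launched by the pipeline, never got an agent
]
# Constructed: what the agent console knows.
AGENT_CHECKINS = [
    {"host_id": "i-0001", "ip": "10.0.1.10", "last_seen": NOW - timedelta(minutes=2)},
    {"host_id": "i-0002", "ip": "10.0.1.11", "last_seen": NOW - timedelta(hours=5)},
    {"host_id": "i-9999", "ip": "10.0.1.12", "last_seen": NOW - timedelta(days=1)},
]

def coverage_report(cloud, agents, now=NOW, stale_after=STALE_AFTER):
    """Compare by instance ID, then note where an IP-keyed view would claim coverage."""
    by_id = {a["host_id"]: a for a in agents}
    by_ip = {a["ip"]: a for a in agents}
    report = {"covered": [], "stale": [], "missing": [], "ip_misattributed": [], "orphan_agents": []}
    for inst in cloud:
        agent = by_id.get(inst["id"])
        if agent is None:
            report["missing"].append(inst["id"])
            # An IP-keyed console would show this address as covered by a dead host's agent.
            if inst["ip"] in by_ip:
                report["ip_misattributed"].append(inst["id"])
        elif now - agent["last_seen"] > stale_after:
            report["stale"].append(inst["id"])
        else:
            report["covered"].append(inst["id"])
    cloud_ids = {i["id"] for i in cloud}
    report["orphan_agents"] = [h for h in by_id if h not in cloud_ids]  # agents with no live host
    return report

if __name__ == "__main__":
    for key, ids in coverage_report(CLOUD_INVENTORY, AGENT_CHECKINS).items():
        print(f"{key:17s} {ids}")
```

Run against the constructed data, only i-0001 is actually covered; i-0003 is the case the IP-keyed view gets wrong, since the stale record from i-9999 makes its address look protected.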
Orca SideScanning™: Built for the Cloud
Modern cloud architecture dictates that block storage is separate from the live run-time environment, and Orca Security takes full advantage of that fact.
Rather than integrating with each individual workload, SideScanning™ reads all workloads at once directly from shared storage. The result is immediate visibility into all cloud assets, without any impact on performance.
Here’s how it works:
- Orca runs as a SaaS service with read-only access to the customer’s AWS, Azure, and/or GCP workloads’ run-time block storage.
- Orca reconstructs the bits and bytes from the snapshot to build out a virtual, read-only view of the operating systems, applications, and data — then scans them for vulnerabilities and risks.
- SideScanning™ reads the environment metadata, to put the alerts in context — according to the real attack surface, not machine by machine. This allows Orca to prioritize the few alerts that matter most.
- SideScanning™ automatically discovers every asset in the customer’s environment, providing immediate visibility into compromised resources, vulnerabilities, malware, and misconfigurations.
- Because SideScanning™ goes beyond individual machines to see the entire graph of cloud assets, customers can see which risks are critical to their organization.
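To make the steps above concrete, here is an added illustration that is not Orca’s code and does not reproduce its implementation: it reads the package database straight from a mounted disk image instead of asking an agent, matches it against an advisory feed, and ranks findings by whether the asset is internet-exposed. The image root, dpkg database, advisory list (placeholder IDs) and asset metadata are all constructed so the script runs offline; a real snapshot would be mounted read-only in place of the temporary directory.

```python
"""Added illustration (not Orca's code): scan a mounted image's package database
offline, then rank findings by exposure metadata. All inputs are constructed."""
import os
import tempfile
DPKG_STATUS = """Package: openssl
Version: 1.1.1f-1ubuntu2
Status: install ok installed

Package: oldtool
Version: 1.0
Status: deinstall ok config-files
"""
# Constructed advisory feed keyed by exact (package, version); IDs are placeholders.
ADVISORIES = {("openssl", "1.1.1f-1ubuntu2"): "ADV-PLACEHOLDER-1",
              ("oldtool", "1.0"): "ADV-PLACEHOLDER-2"}

def make_image(status_text=DPKG_STATUS):
    """Throwaway directory tree standing in for a snapshot mounted read-only."""
    root = tempfile.mkdtemp(prefix="snapshot-")
    os.makedirs(os.path.join(root, "var/lib/dpkg"))
    with open(os.path.join(root, "var/lib/dpkg/status"), "w") as fh:
        fh.write(status_text)
    return root

def installed_packages(root):
    """Parse dpkg's status file from the image; only fully installed packages count."""
    pkgs, cur = {}, {}
    with open(os.path.join(root, "var/lib/dpkg/status")) as fh:
        for line in list(fh) + ["\n"]:  # trailing blank line flushes the last stanza
            if not line.strip():
                if cur.get("Status") == "install ok installed":
                    pkgs[cur["Package"]] = cur["Version"]
                cur = {}
            elif ":" in line:
                key, val = line.split(":", 1)
                cur[key.strip()] = val.strip()
    return pkgs

def findings(root):
    """Match installed (package, version) pairs against the advisory feed."""
    return [(p, v, ADVISORIES[(p, v)]) for p, v in installed_packages(root).items() if (p, v) in ADVISORIES]

def prioritized(assets):
    """assets: id -> {'root': image path, 'public': bool}; internet-exposed assets sort first."""
    return sorted((0 if m["public"] else 1, aid, *f) for aid, m in assets.items() for f in findings(m["root"]))

def demo():
    """Two constructed assets sharing one image; only the web tier is internet-exposed."""
    root = make_image()
    return prioritized({"db-private": {"root": root, "public": False},
                        "web-public": {"root": root, "public": True}})
```

The removed `oldtool` package is skipped even though its version matches an advisory, and the same openssl finding surfaces first for the exposed asset.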
Compared with on-premise security approaches that were merely adapted to the cloud, Orca Security’s cloud-native approach is a game changer.
Lionbridge CSO & CPO Doug Graham Uses SideScanning™ for Deep Visibility without DevOps Friction
Doug Graham, CSO & CPO at Lionbridge, was new to his position and needed to gain an immediate understanding of the hosts, agents and virtual machines he was charged with managing and securing. Lionbridge’s cloud environment combined AWS and Azure infrastructure, and he needed a consolidated view—fast.
Lionbridge delivers marketing, testing and globalization services in more than 300 languages and maintains solution centers in 27 countries, so they inevitably have a mix of both on-prem and cloud-based systems.
The company had in place a vulnerability management system for its on-prem systems, but nothing for the cloud environment. “As a new CISO, I was still building my credibility with the organization,” he said. “Even if you’ve been in the role for a few years, it’s not easy telling your DevOps team that you’ll be installing a new agent on every virtual host in the environment. If something goes wrong, you typically get blamed for whatever breaks. I really didn’t want to take that approach because, for one, I wanted fast results and, secondly, I didn’t want to count on a complete agent deployment for fear of leaving any forgotten hosts behind.” Graham was also worried about the operational impact on the organization.
Using Orca SideScanning™ technology, Graham was able to gain full insight into both the Azure and AWS environments in minutes. “It’s a simple configuration that deployed very quickly and provided a high degree of accuracy,” he said. “Now, when I discuss with my team what we should address first, I’m coming from a position of credibility.”
Cloud Security vs On Premise Security: Keeping Pace with the Speed of Cloud Adoption
Qubole and Lionbridge’s stories are common—and many organizations are feeling pressure to keep pace with the speed of cloud-based app deployment. Traditional tools and methods won’t work, because they carry biases from the physical world. A new approach to cloud security is necessary.
It’s time for a big change.