Yaroslav Rosomakho, Field CTO, EMEA at Netskope, on attacker techniques in the cloud.
Tell us about your participation at GITEX. How has the experience been?
It’s been an amazing experience, being a part of this mammoth global show. The footfall this year has been overwhelming, and we at Netskope are proud to participate at GITEX GLOBAL. We invite everyone to meet us at the show and explore our innovations designed to empower your business into the future. Some of the exciting solutions we are showcasing at the event include Netskope’s Borderless SD-WAN, IoT Security and our seamless omni-channel DLP partnership with email market leader and global alliance partner Mimecast.
Tell us more about NetSkope. What do you focus on?
Netskope is the only security vendor that accelerates the digital transformation journey of organisations with a proven security platform that is data-centric, cloud-smart, and as fast as your business. We understand that cloud transformation and work from anywhere have changed how security needs to work, and so we work with you to protect people and data anywhere they go, no matter what.
Netskope is regularly recognised for its product innovation, contributions of our leaders and customers, and company culture. We are also active contributors to the cloud security industry as a whole.
Let’s come to the Cloud. How have attacker techniques evolved as far as this space is concerned?
One of the top threats security teams face is that of identifying misconfigurations in cloud. Today, attackers know that if they can compromise an instance of misconfigured cloud, they can not only access data but also use the cloud as a proxy for further access into the organisation. If you gain access to one cloud application and get access to APIs, those keys allow the attacker to move across multiple cloud environments.
Another aspect is that of phishing, which we all know, is still common. We’ve seen attackers moving to host their phishing pages on known and well-trusted cloud applications. Another important threat vector organisations must be aware of is malware delivery. Traditionally, malware is delivered through the web channel as a link or in a phishing email. Attackers have become experts, knowing they can use cloud applications to deliver malware. This is an issue because many organisations put applications and trusted apps into an ‘allowed’ list which may not comply with standard security policies.
As an example, in our Netskope Cloud Threat Report, OneDrive was responsible for delivering 33% of malware to organisations. Other similar cloud applications are also used as vectors to deliver malware into organisations.
What are the benefits of a Security Service Edge (SSE) approach?
It’s important to understand that for every organisation, it all comes down to understanding their use of the cloud. This is essential because it helps to enhance user experience and give them more flexibility to choose the devices that they use and the services they consume. It also frees them from the restrictions of legacy-based architecture.
As opposed to data that resides on a platform or server which needs to be addressed from a cloud governance perspective, with SSE, businesses can manage their data where it resides and also understand who has access to this data, thus helping to protect it effectively.