Rethink / Cyber / Attacks on cloud infrastructure are inevitable – Gem Security is preparing SOC teams for attack day

Attacks on cloud infrastructure are inevitable – Gem Security is preparing SOC teams for attack day

Nadav Zafrir February 1, 2023
Attacks on cloud infrastructure

Welcoming Gem Security to the Team8 family, as it raises $11M in Seed funding to tackle Cloud Threat Detection, Investigation and Response (TDIR)

Cloud security continues to be an unsolved problem. SOC teams are struggling to detect and contain incidents, and the threat landscape is becoming more sophisticated every day.

As part of Team8’s unique company-building and ideation model, and based on our cloud security thesis, we’ve learned that cloud TDIR is one of the hardest challenges in cybersecurity today. That’s why we’re delighted to join forces with the stellar founders of Gem Security, which has emerged from stealth with an $11M Seed investment.

Read on for our view on the gaps in the current market and why we have full confidence that Gem Security is the right team to address them.

The cloud is a done deal, but security lags innovation

The move to the cloud is a reality that enterprise security teams must accept. In late 2021, 90% of respondents to Flexera’s survey reported their organizations use more than one cloud provider; more recently, 72% of IT decision-makers told Foundry that their organization is defaulting to cloud-based services when upgrading and purchasing new technology.

The pace of change has caught many security teams off guard – and SOC skills and toolsets are racing to keep up with the pace at which R&D teams are adopting new cloud infrastructures and technologies.

An attack is a question of when, not if

ESG found that 88% of IT and cybersecurity professionals had experienced an attack on cloud-native apps and infrastructure in the previous twelve months. In a Fortinet survey, 96% of respondents were concerned about cloud security, including 73% who were very or extremely concerned.

Attackers are constantly looking for new ways to exploit cloud weaknesses through malware, social engineering, or zero-day exploits. Many of the advantages of public clouds – such as their elasticity, flexibility, and ease of use – are what make them a prime target for attack.

From the attacker’s perspective, the cloud is the land of opportunity:

  • The cloud is highly connected through APIs, endpoints, and web services; at the same time, it’s complex and difficult to understand if you’re not a seasoned cloud expert. There are many points an attacker can enter from and remain undetected; and the cloud’s discoverability means they can automatically map environments to inflict maximum damage.
  • Attackers can get the “keys to the kingdom”. Cloud services are managed through a central control plane (e.g., the AWS Management Console). Attackers who have the right permissions can gain swift and easy access to an organization’s most sensitive assets, such as customer credit card numbers.
  • The cloud’s attack surface is flattened, making it vulnerable to automated attacks.

For security operations teams, the cloud presents a set of unanswered challenges when it comes to preparing for attacks, detecting them in real-time, and responding:

  • Lack of centralized visibility. The entity space in the cloud is huge, and produces mind-boggling amounts of telemetry. Environments can sprawl across multiple public and private clouds, hundreds of microservices and dozens of third-party technologies. There is no simple, centralized, and efficient way for SOC teams to navigate these complex architectures.
  • Difficulty detecting and investigating cloud incidents. The attack surface is dynamic and workloads are ephemeral. Environments can be spun up and down in a matter of minutes. And because the company running the workload doesn’t own the infrastructure, traditional agent-based tools are ineffective.
  • No pragmatic methodology to block and contain attacks. The SOC toolset is woefully limited. Incident response solutions are still built around legacy on-prem technology. Furthermore, CISO organizations are not immune to the cloud skills shortage – leading to difficulties in identifying incidents, assessing their urgency, and intervening without jeopardizing production pipelines.

It’s no surprise that some of the most notorious cyber attacks in recent years – including the Capital One hack, Imperva data breach, and the insider attack at Ubiquiti – have targeted cloud infrastructure. Cloud security tops the CISO agenda – which leads us to the highly innovative solution we have chosen to invest in.

Gem Security has built the Cloud TDIR solution security teams need to tackle their cloud blind spots

Gem is a Cloud Security Operations Platform that bridges the gap between cloud complexity and security operations – giving SOC teams tools for cloud incident readiness, real-time threat detection, live investigation and immediate response.

Why is this important? Detection and response solutions based on legacy approaches fall short of providing a solution for the cloud era. Moreover, the current generation of cloud security solutions goes to great lengths to improve static posture management by preventing misconfigurations, enforcing best practices, and monitoring for policy violations. All of these elements are crucial, but they will never suffice – attackers will always find a crack in the armor through which they can slide in. The innovation Gem brings to the space is its real-time detection, with built-in incident response know-how that enables SOC teams to automate, visualize, and simplify cloud incident triage.

Gem features out-of-the-box threat detection that combines a cutting-edge library of cloud TTPs, along with anomaly detection and behavioral analytics. When alerts trigger, Gem enables intuitive, context-led triage that allows security analysts to seamlessly fuse context from across IaaS, SaaS, and PaaS deployments. They can map connections between cloud entities and identities in order to easily identify and contain root causes.

The solution addresses both the technical gap and the skills shortage – presenting a massive potential value-add.

A team we can get behind

When you set out to solve big problems, the people matter just as much as the tech. Gem’s founders have what it takes – a world-class combination of technical skills, industry acumen, and the ability to execute.

Through their experience in the Israeli elite technology unit 8200 and the private sector, they have gained unique insights into the attacker’s perspective. All three are seasoned cybersecurity executives with deep domain expertise in cloud-native architectures and a track record of operational excellence: Arie Zilberstein, CEO and Ofir Brukner, VP Product, previously held executive positions at Sygnia, a global elite incident response consulting firm; Ron Konigsberg, Gem’s CTO, has held executive positions at Singular.

The team is already collaborating with ten design partners from leading enterprises, and is seeing promising early traction. With the new Seed funding in the bag, this group can continue to execute and bring its vision to life – seizing on a tremendous market opportunity and making the cloud more secure for everyone.

To learn more, visit the Gem Security website.

Related Articles