Vulnerability management in the cloud presents new challenges and new opportunities. The Wiz threat research team has published a report arguing that managing vulnerabilities effectively in the cloud requires an understanding of both Application Security (AppSec) and Cloud Security (CloudSec). Using recent vulnerabilities as examples, the report shares insights on vulnerability management in cloud environments, along with Wiz's methodology for applying vulnerability intelligence.
Let's begin with the positive side of vulnerability management in cloud environments. One notable advantage is how easily the attack surface can be reduced: cloud environments lend themselves to techniques such as building from smaller images, which ship fewer packages and therefore carry fewer vulnerabilities in the first place. In addition, the adoption of serverless and Software-as-a-Service (SaaS) models has accelerated and simplified patching, because the provider applies the fix rather than each customer. It is also worth noting that many third-party software vulnerabilities have less impact in the cloud than they would on-prem, and we'll delve into why below.
Despite the advantages mentioned above, certain vulnerabilities can have a greater impact in cloud environments than in on-prem environments. While the SaaS and serverless forms of a product are convenient to keep patched, the self-managed appliance versions of the same products are considerably more complex to handle. In those cases the organization depends on the vendor for a patch, and gaining visibility into what actually runs inside the appliance can be difficult.
Now, let's explore how we determine which vulnerabilities truly matter in cloud environments. Given the sheer number of Common Vulnerabilities and Exposures (CVEs) published, deciding which ones to patch first is crucial for any organization. When analyzing a vulnerability, we must consider how prevalent the affected technology is in the cloud and what attack surface it exposes. We must also assess how valuable the vulnerability is to threat actors targeting cloud environments, in light of the goals those actors typically pursue.
As an example, the report includes a graph that models estimated vulnerability impact in the cloud along two axes: the perceived "tech value" of the affected technology to an attacker, and the vulnerability's initial-access potential.
Many vulnerabilities are present in cloud environments but in practice have limited impact, because the cloud's design (ephemeral workloads, reduced reachability, provider-managed patching) removes the conditions an attacker would need to exploit them.
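To make the two-axis idea concrete, here is an added example of a small prioritization model written for this page; it is not Wiz's scoring code and does not reproduce the report's graph. Every weight, threshold, field name and sample finding below is an assumption chosen for illustration, and the finding IDs are constructed placeholders rather than real CVE identifiers. The model scores each finding for initial-access potential (reachability and what exploitation yields) and for the value of the affected technology to an attacker (prevalence in cloud estates and whether it exposes cloud credentials), places it in a quadrant, and ranks the backlog, keeping provider-patched SaaS/serverless items visible but at the bottom.

```python
"""Toy two-axis vulnerability prioritization model (added example; all
weights, field names and sample findings are assumptions, not Wiz's)."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class VulnRecord:
    """One finding: a CVE feed entry joined with (assumed) inventory context."""
    vuln_id: str              # constructed placeholder, not a real CVE ID
    technology: str
    cloud_prevalence: float   # assumed 0..1: how common the tech is in cloud estates
    internet_facing: bool     # reachable from the Internet in this estate
    remote_unauthenticated: bool
    yields_code_exec: bool
    yields_cloud_creds: bool  # exploitation exposes cloud credentials or metadata
    vendor_patched: bool      # SaaS/serverless: the provider ships the fix


def initial_access_potential(v: VulnRecord) -> float:
    """Assumed weighting: how useful the bug is as an initial foothold (0..1)."""
    score = 0.0
    if v.internet_facing:
        score += 0.5
    if v.remote_unauthenticated:
        score += 0.3
    if v.yields_code_exec:
        score += 0.2
    return score


def tech_value(v: VulnRecord) -> float:
    """Assumed weighting: how much an attacker gains by owning this tech (0..1)."""
    score = 0.6 * v.cloud_prevalence
    if v.yields_cloud_creds:
        score += 0.4
    return min(score, 1.0)


def quadrant(v: VulnRecord, threshold: float = 0.5) -> str:
    """Place a finding in one of four quadrants of the two-axis model."""
    ia, tv = initial_access_potential(v), tech_value(v)
    if ia >= threshold and tv >= threshold:
        return "patch-now"
    if ia >= threshold:
        return "exposed-low-value"
    if tv >= threshold:
        return "valuable-not-exposed"
    return "backlog"


def prioritize(records: List[VulnRecord]) -> List[VulnRecord]:
    """Rank findings by the product of both axes. Vendor-patched items are
    kept in the list but ranked last: the provider owns the fix, and the
    remaining work is verifying that it has actually been rolled out."""
    def key(v: VulnRecord):
        self_managed = 0 if v.vendor_patched else 1
        return (self_managed, initial_access_potential(v) * tech_value(v))
    return sorted(records, key=key, reverse=True)


# Constructed sample findings (hypothetical technologies and IDs).
SAMPLE_FINDINGS = [
    VulnRecord("VULN-A", "edge reverse proxy", 0.9, True, True, True, False, False),
    VulnRecord("VULN-B", "self-hosted CI runner", 0.5, False, False, True, True, False),
    VulnRecord("VULN-C", "image library in a batch container", 0.1, False, False, True, False, False),
    VulnRecord("VULN-D", "provider-managed API gateway", 0.7, True, True, True, True, True),
]

if __name__ == "__main__":
    for v in prioritize(SAMPLE_FINDINGS):
        print(f"{v.vuln_id:8} {quadrant(v):22} "
              f"ia={initial_access_potential(v):.2f} tv={tech_value(v):.2f}")
```

Running the block ranks the Internet-facing, unauthenticated RCE in a widely deployed proxy first, then the internal CI runner whose exploitation yields cloud credentials, then the library bug inside a batch container that an attacker cannot reach, with the provider-managed gateway last despite its high raw score because the provider patches it. The quadrant labels are what a practitioner would act on: "valuable-not-exposed" items matter only once an attacker already has a foothold, and "backlog" items are the ones the cloud's design has largely neutralized.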
To learn more about how to determine which technologies hold the most potential value to attackers, and how to gauge the impact and likelihood of vulnerabilities in your own cloud environment, check out our talk from fwd:cloudsec. The full report is available for download.