Attacks on U.S. honeypots included MS-SQL Server (12 percent), MySQL (13 percent), HTTP (23 percent) and MS-DS (51 percent).
Alert Logic also notes that 14 percent of the malware collected through its honeypot network was not detectable by 51 percent of the world's top antivirus vendors. That's not because it was zero-day malware, Coty notes. Instead, much of the malware that was missed was repackaged variants of older malware like Zeus and Conficker.
Security in Depth Is Key in Cloud
"The threat diversity for the cloud has increased to rival that of on-premises environments," Alert Logic says in the report. "And new threats uncovered by our honeypot research demonstrate how top antivirus software vendors cannot be solely relied upon to detect attacks. The continued focus by hackers on infiltrating IT infrastructure underscores the importance of adopting the right security procedures and tools, and of continuously evaluating and adjusting those procedures and tools as attackers find new ways to thwart defense."
Coty says that much as with on-premises data centers, security in depth is the key. He says a cloud security solution should address:
Network. Firewall, intrusion detection and vulnerability scanning to provide detection and protection, while also lending visibility into security health.
Compute. Antivirus, log management and file integrity management to protect against known attacks, provide compliance and security visibility into activity within an environment, and help you understand when files have been altered (maliciously or accidentally).
Application. A web application firewall to protect against the largest threat vector in the cloud: web application attacks. Encryption technologies should be ubiquitous for protecting data in flight, and some companies select encryption for data at rest when necessary, assuming applications can support it.
Application Stack. Security Information and Event Management (SIEM) can address the big data security challenge by collecting and analyzing all data sets. When deployed with the right correlation and analytics, this can deliver real-time insights into events, incidents and threats across a cloud environment.