UPDATED 12:19 EDT / SEPTEMBER 21 2023

Anton Chuvakin, mWISE Conference, 2023 SECURITY

Prioritizing immediate security concerns: How adaptation and training can help companies with threat detection

In today’s cyber world, many organizations struggle with outdated processes and ineffective approaches to monitoring cloud threats.

Security operations teams need to catch up with the fast-paced changes in tools and modernize their thinking and practices to align with the dynamic nature of cloud-native services. This represents a bigger challenge than simply updating the tools themselves.

“Today, when I’m looking at this space, of course, we see the emergence of new tools,” said Anton Chuvakin (pictured), senior security staff for the office of the chief information security officer for Google Cloud at Google LLC. “Most tools, most platforms are migrating to the cloud, but at the same time, something very interesting is going on. As the tool sets migrate to the cloud, many customers are challenged with monitoring their clouds. The interesting thing is, even if the tools you use for security operations become cloud native, some of the customer’s thinking is not.”

Chuvakin spoke with theCUBE industry analysts Rebecca Knight and John Furrier at the mWISE Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed security practices, threat detection and the need to adapt to the evolving landscape of cloud-native services and artificial intelligence. (* Disclosure below.)

Catching up with the changing times

Security practices and threat detection need to catch up with the changing landscape: Organizations focus on shifting left but forget about the right side, where threat detection lives, according to Chuvakin.

Furthermore, it’s crucial for companies to collaborate with developers and applications in order to enhance detection and response capabilities. They should also acknowledge the significance of data telemetry and observability when dealing with distributed applications, Chuvakin added. Gaining insights into threats through telemetry within the application necessitates a change in mindset to effectively detect and comprehend them.

“You sort of know what password guessing looks like in the system logs, but how would somebody attempt to use the key that they found in code somewhere from another source against the application?” Chuvakin asked. “It’s very much detectable, but you need to think about it before you do it rather than just replicate your old thinking.”

Too many touchpoints

To respond effectively to the changing threat landscape, teams need to prioritize training and education. This includes staying current on identity and access management in cloud environments and understanding the intricacies of the shared responsibility model in cloud security.

According to Gartner stats, 99% of cloud breaches are the customer’s fault, but it is unfair to blame customers alone, considering how the world is built, Chuvakin said.

“Detection response is a good example, because if I detect threats, I’m the client detecting threats using cloud provider tooling, configured by the consultant and responded to by a managed services provider,” Chuvakin said. “I jointly develop what I detect with somebody else in the cloud, like five parties doing things around the activity, so that if I’m doing the naïve visual red or blue or cloud provider client, that would be a gray area because it’s a lot of inherently joint activities.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the mWISE Conference:

(* Disclosure: Google Cloud sponsored this segment of theCUBE. Neither Google Cloud nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
