Cloud computing has transformed the software industry in recent years. From productivity applications to communications, business intelligence, and CRM systems, cloud-based systems have come to dominate the market. Indeed, Gartner predicts that by 2025, almost two-thirds of enterprise spending on application software will be directed at cloud-based technology.
Cloud-based software boasts considerable advantages over traditional, locally installed applications. A key factor is ease of installation, scaling, and maintenance. With cloud apps, the friction of provisioning rack space for new applications, patching individual machines, and coping with unexpected scaling demands is gone. New and enhanced software and services, even for the most demanding, data-intensive applications, can be rolled out enterprise-wide on the order of hours, without long hardware procurement and installation cycles.
While these traits are useful for any application, they weigh especially heavily for cybersecurity applications and their ability to stop breaches. First, in an era of remote work, companies need to keep all their employees safe whether they are connected through the office network, a home network, or airport Wi-Fi. Cloud-based solutions let every connected system receive the latest threat intelligence as soon as it is published, while administrators retain an accurate, real-time picture of their company's systems.
Global intelligence for local defence
Today's threat landscape is highly sophisticated: motivated threat actors operate globally, with abundant resources, to extort companies, demand high ransoms, steal intellectual property, and disrupt operations. Furthermore, these actors rely less and less on easily spotted malware: 62% of recorded attacks in 2021 were malware-free, with adversaries logging on to systems with stolen credentials and 'living off the land', i.e. abusing legitimate system and third-party administration tools rather than dropping their own binaries.
To stop this type of threat, installing local antivirus (AV) software is no longer sufficient. Cloud-based security lets organisations tap into global knowledge instead. Much as the CDC or the WHO aids in the detection of outbreaks, modern security solutions can detect the traces of new threats beyond the boundaries of a single company network. Imagine a world in which, after the first detection of COVID-19 anywhere, everyone else was automatically inoculated, even while sitting in their home office: that is what becomes possible in cybersecurity when tapping into the power of the cloud.
A cloud-based platform offers customers the ability to enforce protections against emerging threats globally, throughout their user base. Every endpoint benefits from real-time intelligence derived from patterns newly detected across the whole attack surface, giving each endpoint an up-to-date understanding of the "bigger picture" of adversary patterns and behaviours. A threat seen once, anywhere, can be stopped immediately everywhere, which deters adversaries from exposing their most valuable tradecraft in environments whose security is cloud-powered.
Heavy lifting in the cloud
Modern cybersecurity requires vast amounts of data and computing power to spot entrenched adversaries moving carefully and deliberately through corporate networks. While traditional antivirus packages have every endpoint fend for itself by downloading signature updates and constantly evaluating those against files stored locally, cloud-based solutions take a different approach.
Cloud-based machine learning can harness the speed, scale, and processing power of the cloud to analyse trillions of endpoint events per day, with minimal impact on endpoint performance. This makes it possible to spot faint threat signals that transcend the confines of a single local machine. Moreover, cloud-based services relieve the customer of hosting, scaling, and operating the massive computing infrastructure required to stop sophisticated and targeted threats, while delivering the most up-to-date, intelligence-fuelled protection for customer systems, wherever they are located.
Local cloud-powered sensors
Cloud-based security solutions still rely on local components operating on individual endpoints. A lightweight endpoint sensor instruments the system, enforces security posture, and acts autonomously when it detects threats, while continuously liaising with the cloud. If the cloud is not reachable, for example when travelling with a laptop, the sensor acts solely on the local information it already holds: its cached models and detection logic keep working, but it cannot receive new intelligence until it reconnects, so its protection is only as current as its last sync.
In contrast to legacy antivirus software, modern sensors do not rely on an enormous and ever-expanding dictionary of malware signatures. Instead, they combine local AI models with Indicators of Attack (IoAs), i.e. behavioural signals that a breach is being attempted. IoAs describe generic activities rather than a long list of specific file signatures. Inputs to IoAs can include a process initiating communication with a remote server, a PowerShell script being launched, a system file being replaced, the mail client writing a file to disk, or a new system service being started. The sensor keeps track of chains of such events and how they relate to each other, typically through the process tree that links them. As these events stack up, the sensor weighs the odds that it is watching a breach. That determination can (but does not have to) incorporate global knowledge retrieved from the cloud. Whenever the accumulated evidence indicates an attempted breach, the sensor interdicts the behaviour locally and reports its occurrence to the cloud.
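The following toy correlator is an added illustration, not code from the original article or from any vendor's sensor. It shows the mechanics the two paragraphs above describe: events are linked through the process tree, each IoA is a predicate over the lineage and the events of one process rather than a file hash, weights accumulate into a score, and a cloud reputation lookup is optional so that the sensor still reaches a verdict when offline. The event stream, the IoA weights, the block threshold and the "cloud intelligence" table are all constructed for this example.

```python
"""Toy IoA correlator: scores chains of endpoint events instead of matching
file signatures.  Telemetry, weights and intel below are constructed examples."""
from collections import defaultdict

OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
MAIL = {"outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}
BLOCK_THRESHOLD = 5          # assumed threshold; a real sensor tunes this per IoA

# Constructed sample telemetry (not real logs).  pids 100-300: an attachment
# saved by Outlook opens in Word, which spawns an encoded PowerShell that
# beacons out and installs a service.  pids 400-500: an admin's benign shell.
# pid 600: a shell whose only suspicious trait is the host it talks to.
EVENTS = [
    {"ts": 1, "pid": 100, "ppid": 1,   "image": "outlook.exe",    "type": "file_write",     "target": "invoice.docm"},
    {"ts": 2, "pid": 200, "ppid": 100, "image": "winword.exe",    "type": "process_start",  "cmdline": "winword.exe invoice.docm"},
    {"ts": 3, "pid": 300, "ppid": 200, "image": "powershell.exe", "type": "process_start",  "cmdline": "powershell.exe -enc AAAA"},
    {"ts": 4, "pid": 300, "ppid": 200, "image": "powershell.exe", "type": "net_connect",    "remote": "203.0.113.7:443"},
    {"ts": 5, "pid": 300, "ppid": 200, "image": "powershell.exe", "type": "service_create", "target": "Updater"},
    {"ts": 6, "pid": 400, "ppid": 1,   "image": "explorer.exe",   "type": "process_start",  "cmdline": "explorer.exe"},
    {"ts": 7, "pid": 500, "ppid": 400, "image": "powershell.exe", "type": "process_start",  "cmdline": "powershell.exe Get-Process"},
    {"ts": 8, "pid": 500, "ppid": 400, "image": "powershell.exe", "type": "net_connect",    "remote": "10.0.0.5:5985"},
    {"ts": 9, "pid": 600, "ppid": 400, "image": "cmd.exe",        "type": "process_start",  "cmdline": "cmd.exe"},
    {"ts": 10, "pid": 600, "ppid": 400, "image": "cmd.exe",       "type": "net_connect",    "remote": "203.0.113.7:443"},
]

# Constructed stand-in for cloud reputation data (TEST-NET address, not a real C2).
CLOUD_INTEL = {"203.0.113.7:443": "malicious"}


def build_process_tree(events):
    """Return {pid: (ppid, image)} and {pid: [events]} from the event stream."""
    procs, by_pid = {}, defaultdict(list)
    for ev in events:
        procs.setdefault(ev["pid"], (ev["ppid"], ev["image"]))
        by_pid[ev["pid"]].append(ev)
    return procs, by_pid


def lineage(procs, pid):
    """Image names from the root ancestor down to pid, e.g. [outlook, winword, powershell]."""
    chain = []
    while pid in procs:
        ppid, image = procs[pid]
        chain.append(image)
        pid = ppid
    return list(reversed(chain))


def has(events, kind):
    return any(e["type"] == kind for e in events)


# Each IoA is (name, weight, predicate over (lineage, events of the leaf process)).
# None of them looks at a file hash; all describe behaviour.
IOAS = [
    ("office_app_spawned_shell", 3, lambda lin, ev: lin[-1] in SHELLS and any(p in OFFICE for p in lin[:-1])),
    ("encoded_powershell",       2, lambda lin, ev: any("-enc" in e.get("cmdline", "").lower() for e in ev)),
    ("shell_network_connect",    1, lambda lin, ev: lin[-1] in SHELLS and has(ev, "net_connect")),
    ("shell_installed_service",  3, lambda lin, ev: lin[-1] in SHELLS and has(ev, "service_create")),
    ("mail_client_in_lineage",   1, lambda lin, ev: lin[-1] in SHELLS and any(p in MAIL for p in lin[:-1])),
]


def score_chain(procs, by_pid, pid, cloud_intel=None):
    """Score one process's chain.  cloud_intel is an optional {remote: reputation}
    lookup; None models the offline laptop, where only local IoAs can fire."""
    lin, ev = lineage(procs, pid), by_pid[pid]
    hits = [(name, w) for name, w, pred in IOAS if pred(lin, ev)]
    if cloud_intel is not None:                      # global knowledge is additive, not required
        for e in ev:
            if e["type"] == "net_connect" and cloud_intel.get(e["remote"]) == "malicious":
                hits.append(("cloud_known_c2", 4))
    return sum(w for _, w in hits), hits


def evaluate(events, cloud_intel=None):
    """Return {pid: (verdict, score, hits)} for every process seen in the stream."""
    procs, by_pid = build_process_tree(events)
    verdicts = {}
    for pid in procs:
        score, hits = score_chain(procs, by_pid, pid, cloud_intel)
        verdicts[pid] = ("block" if score >= BLOCK_THRESHOLD else "allow", score, hits)
    return verdicts


if __name__ == "__main__":
    for label, intel in (("online", CLOUD_INTEL), ("offline", None)):
        print(f"--- sensor {label} ---")
        for pid, (verdict, score, hits) in sorted(evaluate(EVENTS, intel).items()):
            print(f"pid {pid:>3} {verdict:5} score={score:2} {[h for h, _ in hits]}")
```

Run it and compare the two passes: pid 300 is blocked in both because the local chain alone (Office parent, encoded command, outbound connection, service install) clears the threshold, which is the autonomous behaviour the offline paragraph describes. pid 600 shows the limit of that autonomy: its only local signal is a shell making a network connection, so it is allowed offline and blocked online only because the cloud lookup recognises the destination. pid 500 stays allowed in both, since an administrator's interactive PowerShell session has no suspicious lineage.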
Through the concerted actions of a tiny, client-based sensor and a vast, planetary threat intelligence operation based in the cloud, businesses and end users get the best of both worlds: rich, up-to-date intelligence alongside the agility of a nimble local sensor.
Cloud is key for a new era
The speed, scale, and enormous processing power of the cloud have laid the foundation for a new era of cybersecurity. From ease of installation, to harnessing machine learning for real-time threat intelligence, to making global intelligence ubiquitous across every endpoint, cloud-based platforms empower customers to continuously defend their assets against evolving threats and to stay one step ahead of adversaries.