Enterprises that apply a security strategy to their cloud workloads often rely on security checks pre-runtime. In most cases, they scan for vulnerabilities within their code or containers before deploying their cloud workloads into production. However, in runtime — when actual cyber attacks can occur — organizations are left completely blind.
In my discussions with CISOs during the last year I was surprised to hear that, despite having hundreds or even thousands of cloud servers, security teams lack visibility into what code is actually running inside their production environment. These teams believe that what’s running is the software they intentionally deployed during the CI/CD process. However, they aren’t certain.
Having no visibility in runtime is problematic. If an attacker wants to steal your credentials or exploit a vulnerability — in any kind of attack vector — a cyber attack is almost always the result of malicious code or commands running in your servers.
While pre-runtime security vulnerability checks are effective to some extent, they are not sufficient enough to cope with modern cyber threats, which don’t necessarily rely on a known vulnerability. It’s time for organizations to gain visibility and control over the code that is running in their cloud workloads. By identifying and terminating the malicious code running in memory, they will be able to detect the vast majority of cyber attacks on their cloud infrastructure.