Traditional cloud security tools have a blind spot. See, they operate solely within the cloud environment and are liable to miss crucial threats lurking in the shadows. These tools can't detect "shadow IT," unauthorized cloud services used by employees. Additionally, they miss "zombie IT accounts," dormant accounts that hackers can exploit.
Traditional tools also struggle to assess security vulnerabilities within cloud ecosystem's suppliers, which leaves organizations open to attacks through these third parties. Furthermore, traditional cloud security relies on separate tools and teams, and silos are created. This fragmented approach can lead to gaps in an organization’s overall security posture.
These tools often lack the context to understand the significance of cloud assets. They can't see how these assets connect to a broader attack surface, which includes cloud and on-premise infrastructure. This limited understanding makes it difficult to prioritize vulnerabilities and allocate resources effectively.
Security firm IONIX sees this issue and acted with a major upgrade to its Attack Surface Management (ASM) platform. This new feature, called Attack Surface Cloud Cross-View (CCV) offers a comprehensive view of an organization's potential security risks.
CCV combines internal cloud asset data with external threat intelligence to provide a complete picture of an attack surface across cloud platforms such as AWS, Azure and GCP as well as on-premise infrastructure. Security providers like Akamai, Cloudflare and Imperva are also included.
CCV also analyzes connections between assets to identify how a seemingly low-risk asset could be exploited to access critical systems.
Expanded Threat Detection: Traditional cloud security often misses connections between cloud environments and other systems. CCV also bridges this gap where traditional cloud security often misses connections between cloud environments and other systems. Being able to do this uncovers vulnerabilities across a digital ecosystem, including vendor clouds and on-premises infrastructure.
CCV helps identify and map potential attack paths originating from your digital supply chain. It simulates real-world attacks across an infrastructure, including cloud, non-cloud and supply chain assets. And the integration with cloud security posture management solutions allows organizations to validate potential vulnerabilities identified by CSPM with exploit simulation, which turns alerts into actionable security assessments.
“IONIX was seeing customers facing attacks that arise from the security coverage gaps in their separately managed cloud security tools and on-premises vulnerability management solutions. We built Cloud Cross-View features into our ASM product to close the gaps between the two and to ensure that any asset, wherever it may reside, is a secure asset,” said Marc Gaffan, CEO of IONIX. “We envision a simpler solution where one contiguous attack surface, supported by a security software stack that one team can manage, covers cloud and on-prem security needs.”
IONIX plans to announce further integrations with CSPM providers in the coming months.
Edited by
Alex Passett
