
Cloud Cross-View for Complete Attack Surface Visibility

Fara Hain
June 4th, 2024

IONIX’s Cloud Cross-View (CCV) uses cloud integrations to broaden the scope of attack surface mapping and coverage beyond traditional methods of monitoring. CCV extends asset analysis to consider aspects that are specific to cloud environments. This complements CSPM and CNAPP solutions by enriching them with broader attack surface data obtained through IONIX’s EASM capabilities. This enables:

  • Broader Attack Surface Perspective: Analyzing cloud assets from the viewpoint of remote attackers, including the digital supply chain and active exploit simulations.
  • Enhanced Context: Utilizing cloud information to gain attack path insights into the overall attack surface of an organization.

Typically, organizations manage cloud security separately using dedicated tools and teams. However, this approach creates gaps in how they address their attack surface modeling, as the cloud is just one component of a larger picture.

IONIX’s comprehensive approach includes organizational cloud environments as part of the broader attack surface rather than managing them separately.

Integrations with Public Cloud Providers (Amazon AWS / Microsoft Azure / Google GCP)

IONIX Cloud Integrations Bridge Attack Surface and Cloud Security Gaps

  • Attribution of Cloud Assets Across the Attack Surface
    Through Cloud Integrations, IONIX identifies assets hosted within organizational cloud environments and considers them like organizational on-premises assets. This distinction is crucial for attack path mapping and addressing security vulnerabilities that could enable lateral movement within the organization’s infrastructure.

Cloud Cross-View will correctly place cloud assets in the IONIX Threat Radar with context from cloud environments.

  • Manage Unattributed Externally-Facing Cloud Assets Vulnerable to Attacks
    In a dynamic cloud environment, many assets lack clear organizational attribution and remain accessible to opportunistic hackers. Examples include URLs like clientdata.database.windows.net, misconfigured.s3.amazonaws.com, or IP addresses without clear identifiers. Assets obscured behind CDNs also complicate auditing and threat analysis. IONIX CCV enables effective assessment and management of these assets across organizational cloud environments.
  • Enhanced Management and Internal Attribution of Cloud Assets
    Access to cloud environments offers critical insights into the otherwise obscured inner workings of cloud applications. Security teams, whether focused on cloud-based or traditional/on-premises systems, can leverage tools like tagging within these environments to more effectively identify and manage security incidents. The image below illustrates how attack path mapping and understanding the complete context of a.b.com requires ingesting and integrating both cloud data and Attack Surface Management (ASM) perspectives.

Insights from both cloud and ASM (Attack Surface Management) are required to fully understand asset contexts and security issues. For example, the domain a.b.com, while managed by non-cloud DNS and utilized by non-cloud systems, operates over a cloud service via a cloud load balancer. A comprehensive attack path map of impact and risk must include both cloud and non-cloud elements, such as shob.b.com, and cannot be limited to a single perspective.

Cloud Security Gaps

  • Cloud Asset Interdependencies
    The tools for discovering and analyzing the attack surface in IONIX also take into account the interdependencies between different assets. Cloud security solutions, due to their restricted internal access to cloud environments, often overlook the dependencies of cloud assets on external / non-cloud assets, such as those in the digital supply chain or other organizational assets. These dependencies, illustrated in Figure 5, encompass both cloud and non-cloud components.
  • Dependencies of Non-Cloud Assets on Cloud Assets
    Cloud systems frequently interact with non-cloud assets, but due to restricted visibility within cloud environments, these dependencies are frequently ignored. This oversight can result in mis-prioritized issues, like assuming a vulnerable cloud asset doesn’t affect organizational systems. Moreover, since many organizations manage DNS externally, visibility is further hindered. Consequently, the complete context and attack paths of these dependencies remain obscured within the cloud environment. Figure 5 highlights this dependency type.
  • Application-Layer Internal Cloud Dependencies
    Cloud security solutions typically fail to dynamically analyze application-layer attack paths and dependencies between cloud assets, even when both sides of the dependency are within the organizational cloud environment. The image below illustrates these dependencies, highlighting their importance.


The image illustrates the incomplete visibility and analysis of cloud asset dependencies, highlighting three key areas: dependencies of cloud assets on external assets, dependencies of non-cloud assets on cloud assets, and application-layer dependencies within cloud environments.

  • Comprehensive Security Assessment and Active Protection for Cloud Environments
    Organizations prioritize securing both on-premises and cloud infrastructure. With IONIX integration, the platform extends its Attack Surface and Attack Path mapping to include cloud assets, covering web, PKI, network, DNS, and email analysis, along with application-level auditing and exploit simulation. By considering the entire attack surface, including digital supply chain dependencies, IONIX can apply Active Protection measures if needed.

Integrations with Cloud Security Solutions: CSPM And CNAPP

IONIX doesn’t perform security scans within the cloud environment, leaving that task to CSPM and CNAPP solutions like PAN Prisma Cloud, Wiz, and Microsoft CSPM, which analyze images and snapshots for vulnerabilities.

By integrating with these solutions, IONIX enhances its effectiveness in cloud environments by gathering vulnerability information and refining its Attack Path Mapping and Exploit Validation modules. This collaboration also strengthens cloud security posture – even for those with CSPM and CNAPP tools – particularly when it comes to identifying and prioritizing exploitable attack paths. Below are further examples:

Application Layer Attack Path Mapping, Exploit Simulation, and Reacting to Zero-Day Attacks

Cloud security solutions typically assess vulnerabilities but often lack the perspective of a remote attacker. While they may identify numerous vulnerabilities and potential attack paths, only a small fraction are realistically exploitable from outside the network. By incorporating an external attack surface perspective, organizations can prioritize addressing the vulnerabilities that remote attackers could exploit. This approach becomes crucial when responding to zero-day vulnerabilities, as it helps identify which assets are genuinely exposed, which attack paths are viable, and which need immediate attention.

Expanding Assessment to the Digital Supply Chain

While traditional cloud security solutions focus on identifying attack paths originating from the internet, they often overlook dependencies between assets, especially those involving non-cloud resources. In contrast, IONIX’s approach to attack surface analysis extends beyond the cloud environment to include assets external to it that could potentially be leveraged to target the cloud infrastructure.

IONIX strives to establish connections between cloud attack paths and a broader security framework encompassing non-cloud organizational assets and their digital supply chain.

Cloud and Attack Surface Analysis: Simulating Millions of Attack Attempts

Relying on security through obscurity is not advisable, as it hinges on keeping the system’s structure hidden. While hackers may eventually uncover network structures through persistent efforts, security assessment solutions lack this luxury. They must efficiently assess numerous assets without risking or overloading production systems.

This discrepancy presents a notable challenge in evaluating cloud systems. Simply inputting a list of cloud assets into security assessment tools may prove insufficient. Factors like API gateways, load balancers, and CDN services often route traffic based on additional parameters, such as request headers or paths.

Consider two scenarios:

  1. A load balancer is configured to direct HTTP traffic only if the request path begins with “/companyapp/”. Without insight into this routing mechanism, external attempts to audit the application would fail. While attackers might eventually discover this information, organizations cannot afford to wait for a breach before addressing the issue. IONIX Cloud Cross-View learns the attack path structure, enabling assessments as if attackers already possess this knowledge, thereby efficiently arriving at conclusions without millions of attempts.
  2. A CDN/Cloud WAF service acts as a proxy between “app.com” and a cloud workload, potentially under different providers, but the cloud workload does not restrict traffic solely to the CDN/WAF service. Without internal knowledge of this configuration, extensive probing would be necessary to identify the traffic’s origin. Organizations require this information promptly to safeguard against direct attacks on the origin cloud workload. Additionally, if the cloud origin workload’s link to “app.com” cannot be determined, security solutions may fail to detect misconfigurations, leaving the unaudited cloud workload vulnerable to widespread attacks. Without insight into the asset’s origin, it’s impossible to definitively assert its security.

In both cases, you need an Inside-Out and an Attack Surface view to understand the specific attack path and prioritize remediation.
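The two scenarios can be checked from configuration data alone. The sketch below is an added example, not IONIX code: it takes a constructed inventory of load balancer rules, CDN origin mappings and origin ingress rules, derives the URLs an external audit has to request, and flags origins that accept traffic from outside the CDN/WAF ranges. Every hostname other than app.com, every address and every field name is an assumption made for illustration.

```python
import ipaddress

# Constructed inventory, shaped like what a read-only cloud integration could export.
# All names, addresses and field names are illustrative assumptions.
LB_RULES = [
    {"host": "lb.example.test", "path_prefix": "/companyapp/", "target": "workload-a"},
    {"host": "lb.example.test", "path_prefix": "/internal/", "target": "workload-b"},
]
CDN_ORIGINS = {"app.com": "198.51.100.10", "static.app.com": "198.51.100.20"}
CDN_EGRESS = ["203.0.113.0/24"]          # ranges the CDN/WAF connects from
ORIGIN_INGRESS = {                        # per-origin allowed source CIDRs on 443
    "198.51.100.10": ["0.0.0.0/0"],       # open to everyone: CDN can be bypassed
    "198.51.100.20": ["203.0.113.0/25"],  # restricted to part of the CDN range
}


def audit_targets(lb_rules):
    """Scenario 1: URLs an external audit must request to reach each workload."""
    return sorted(
        (rule["target"], f"https://{rule['host']}{rule['path_prefix']}")
        for rule in lb_rules
    )


def bypassable_origins(cdn_origins, ingress, cdn_egress):
    """Scenario 2: origins that accept traffic from outside the CDN/WAF ranges."""
    cdn_nets = [ipaddress.ip_network(c) for c in cdn_egress]
    findings = []
    for hostname, origin in sorted(cdn_origins.items()):
        # An origin with no recorded ingress rules is reported as unknown, not as safe.
        rules = ingress.get(origin)
        if rules is None:
            findings.append((hostname, origin, "no ingress data"))
            continue
        for cidr in rules:
            net = ipaddress.ip_network(cidr)
            if not any(net.subnet_of(c) for c in cdn_nets):
                findings.append((hostname, origin, cidr))
    return findings


if __name__ == "__main__":
    for target, url in audit_targets(LB_RULES):
        print(f"audit {target} via {url}")
    for hostname, origin, cidr in bypassable_origins(CDN_ORIGINS, ORIGIN_INGRESS, CDN_EGRESS):
        print(f"{hostname}: origin {origin} accepts {cidr}, outside CDN ranges")
```

Each finding ties the origin back to the public hostname it serves, which is the attribution an outside-only scan cannot make.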

Conclusion

As the cloud landscape continues to evolve, IONIX remains committed to closing the gaps between cloud security and on-prem security. By comprehensively integrating into public clouds, we empower organizations to not only detect but also proactively map attack paths and mitigate threats across their entire attack surface.

We encourage organizations to rethink their security strategies and integrate ASM with cloud security solutions for a more resilient defense against emerging threats. Partner with IONIX to bridge the gaps in your security posture and ensure a more secure future for your digital assets.
