Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft

A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.

Kelly Sheridan

August 13, 2018

2 Min Read
Network Computing logo

Amazon Web Services, Google Cloud Platform, and Microsoft Azure have all recently doubled down on threat intelligence to help users identify and respond to malicious activity in the public cloud. But where do these platforms differ, and how do those differences help or harm cloud security?

Brad Geesaman, an independent cloud infrastructure security consultant, aimed to clarify the strengths and shortcomings of each platform during his Black Hat session "Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities." He set the stage for his side-by-side comparison with a broader look at how security is different in the cloud.

For starters, competition is ramping up in the space. As it does, companies are prioritizing shipping features and outsourcing non-core capabilities – including security. The cloud explosion has demolished the traditional perimeter, a rise in new infrastructure has shifted the attack surface, and a dearth of cloud security experts is amplified amid a wave of new features and services.

Cloud environments change fundamental assumptions about security, Geesaman explained. "When everything is an API, the traditional approaches don't fit," he said. The scalability of the cloud grants an opportunity to amplify good behavior. It also amplifies human error. 

Direct compromise may not be needed to affect cloud security, he continued. Credential theft can happen via phishing, malware, backdoor libraries or tools, or password guessing. Malicious outsiders abuse employees' failure to rotate, disable, or delete credentials after someone leaves the company. Credential leaks, another common vector, happen more often than one might think. 

"You'd be surprised – or maybe not – where these keys can show up," Geesaman added. "People give them away by accident all the time."

When shopping among major cloud services, it's important to bear in mind that none of them have been around very long. They're still growing, changing, and gaining new features, and they all still have work to do. "Don't expect something that's been in service for 10 years," he said.

Geesaman asked several of the same questions when evaluating the intelligence tools in each cloud platform: which data sources they use, how they operate on data, how much visibility the data provides, what is not covered in the service, and what is needed for onboarding, cost structure, partner integration, customization, and validating detection.

Read the rest of the article on Dark Reading.

About the Author(s)

Kelly Sheridan

Associate Editor, Dark ReadingKelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights