When organizations rapidly moved workloads to the cloud in response to the global health crisis, security teams struggled to stay ahead of the risk and safeguard cloud assets. This led to an explosion of security incidents. In our Unit 42 Cloud Threat Report, 1H 2021, we saw a 400% increase in cloud incidents in the retail industry, and an over 200% increase in manufacturing and government sectors.
We are pleased to announce the enhancement of our Cloud Incident Response (IR) practice to provide an optimized approach for each stage of the cloud incident lifecycle, so organizations can recover faster.
Because cloud environments are inherently designed to be dynamic and scalable, even simple mistakes can lead to expensive, complicated incidents with outsized impact.
The 2021 Cortex Xpanse Attack Surface Threat Report shows that global enterprises found new serious issues in their cloud infrastructure every 12 hours – twice a day! Some common issues include misconfigurations, insecure remote access, exposed account credentials and unpatched vulnerabilities.
And just in the past three years, Unit 42 has seen a 188% increase in cloud IR cases, with more than a third of our incident response matters touching cloud assets in one way or another.
This highlights the ephemeral nature of today’s IT infrastructure, where not only the infrastructure changes, but so does the vulnerability footprint.
Time is of the essence when a cloud breach happens. You must work as quickly as possible to contain the incident, determine “how it happened” and identify the optimal path to respond and recover. The longer this takes, the worse the potential consequences become.
Many incident response teams continue to use traditional Digital Forensics and Incident Response (DFIR) methods for their cloud environments. The challenge is that traditional DFIR was not designed for dynamic, cloud-based incidents.
And if you don't get it right and determine the root cause, the adversary will be back in your environment in no time – or may never have left in the first place.
It’s easy to get stuck in a reactive state when you’re running to the next fire drill.
Now with the growing importance of and dependence on the cloud, and the growing number of cases that involve it, we are doubling down on our Cloud Incident Response capability to provide an optimized approach for each stage of the cloud incident lifecycle, so your organization can recover quickly.
The Unit 42 cloud incident response team is staffed with experienced cloud experts who understand the special nature of cloud security investigations. They are armed with cutting-edge cloud security technology like Cortex XDR, Cortex Xpanse and Prisma Cloud, which allows them to quickly identify attack vectors, the extent of access and the data at risk, and then take the appropriate remediation actions.
In the event of a cloud incident, our teams stay involved as long as necessary to ensure it is completely contained and everything is back to normal. From there, we help develop playbooks and new processes to ensure a similar event doesn’t happen again. And should you need it, we’re available as an expert witness to articulate what happened, why it happened and who was impacted.
Imagine the peace of mind of having cloud IR experts as an extension of your team on speed dial. In the event of a cloud incident, your organization won’t have to manage it alone. The Unit 42 Retainer operates under prenegotiated terms, with predefined communication channels and playbooks to get started on your investigation within hours. This avoids you having to scramble to negotiate contracts when you need to focus on responding to a breach.
Having a retainer agreement in place with highly specialized cloud digital forensics and incident response expertise can help you reduce your incident response time, recover faster and resume normal business operations.
Don’t panic. We’re here to help.
Watch this short video of Wendi discussing Unit 42 Cloud Incident Response.
Learn even more about cloud incident response by watching the full version of Wendi Whitmore's Ignite '21 keynote on demand.
Remember to ask for Unit 42 by name with your cyber insurance carriers if you need incident response services.
If you are experiencing an active breach, or think you may have been impacted by a cloud security incident, please contact Unit 42 to connect with a team member. The Unit 42 Incident Response team is available 24/7/365. You can also take preventative steps by requesting a Proactive Assessment.