Last Updated on March 31, 2019 by Ruchir Shastri
As per Gartner’s prediction, the number of cloud users will increase at a very rapid pace every year, and is not about to slow down. Today, more people and businesses utilize the cloud services in one or other form without even realizing they are doing so.
Unfortunately, being unaware of using the cloud also means that people aren’t always as protected as they should be. Just because you are using a cloud, be it AWS, Azure or Google, this is no way means that your data and servers are protected from hackers.
These cloud computing services bring tons of changes to the business workflow, and as a result, companies require a new set of rules and a different way of thinking about its security. In this post, we’ll discuss some of the best approaches to secure your information on the cloud.
Install Robust Anti-Malware, Anti-Exploit & Anti-Ransomware
You might have heard of terms like, Spyware, Malware, Ransomware, Keyloggers, Rootkits, Adware, Backdoor shells, Hijackers and what not. The list of threats to server security is long, varied, and pretty scary. Even if you’re the most careful cloud user, malware can find a way to download itself onto your server.
For instance, an innocent looking email from your friend could in fact be a stealth method of exploiting security features, or it could be a widely spread ransomware encrypting entire file system. There are literally hundreds of ways in which your data can be compromised and entire operating system can be hijacked.
While most of the generic anti-virus software will do a good job of removing known threats from your
servers, intruders can still find loopholes to steal data, install backdoors to gain access, spy on your activity, hijack server resources to run malicious applications or encrypt sensitive information.
Difference Between Antivirus & Anti-Malware
Antivirus and anti-malware are two different cybersecurity concepts, and not to be used interchangeably. Of course, they both refer to cybersecurity software, malware is a more generic term while virus is more specific. The conventional antivirus software offers protection against classic computer viruses, but it cannot detect and address all types of infection like anti-malware software does.
To avoid your cloud instances from getting infected, it is necessary that you have an enterprise-class anti-malware, anti-exploit and anti-ransomware engine installed on your server which will provide real-time protection from viruses / malware entering your server.
In addition, you should also setup a full system scan by these engines at once every week so as to ensure that your system is completely secure and safe. We have a number of customers using “MalwareBytes” successfully with complete protection around-the-clock and our technical support staff is well versed to configure it appropriately for our customers. MalwareBytes adds an extra layer of protection to your cloud instances. It not only protects you from known threats, but keeps itself continually evolving for future threats.
While you protect your cloud environment against advanced threats, a sophisticated enterprise-grade email protection is also an essential measure to secure emails against a wide array of threats. It’s proven fact that, 91% of hacking attempts are launched through email-based attacks. Taking stats into account, an email security must be the first priority for any organization.
On top of your conventional email service, these email security provides protection against routine threats like spam, viruses and malware while also delivering the secure cloud email services. With this solution, your emails route through email gateway which enables you to improve security and system performance by thwarting known and advanced email threats before they reach your network.
It can protect your employee’s emails against advanced threats like spear-phishing, zero-day attacks, malware and spam. It uses keywords, pattern matching, file hashes and dictionaries to actively scan all email communications and attachments to stop data leakage and support compliance.
IDS / IPS – Network Level Security
When your cloud systems are online, this also opens up the possibility of hackers trying to get into them through known exploits or by using brute-force attempts. With growing security vulnerabilities across the web, it’s extremely important to have an external network security system in place which helps to protect your cloud servers. This network security system comprises of the below key components:
With external firewall in place, you can restrict access with fine-tuned rules to allow traffic from known sources or to allowed destination ports only. This also helps in ensuring that your server and website is PCI-DSS compliant to process secure transactions and store sensitive customer’s data including their credit card numbers.
Intrusion Detection System (IDS)
Intrusion Detection is a security management system for servers and networks which analyses each packet passing within a network to identify possible security breaches or intrusions. It can detect patterns typical of attacks or abnormal activity patterns and reports such activities to Intrusion Prevention System to protect it instantly.
Intrusion Prevention System (IPS)
After a possible security threat is detected by the IDS system, it is necessary to have a solution in place which blocks this access immediately to prevent systems from being exploited. Intrusion Prevention System (IPS) immediately creates rules to block this malicious access and keeps your system safe & secure. Both of these systems (IDS & IPS) work closely with each other to ensure complete security for your server & website. This also ensures that any / all traffic entering your system is scanned and free from any known vulnerabilities.
Web Application Firewall
A Web Application Firewall (WAF) is a firewall for HTTP applications that protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It applies a set of rules to protect web applications from common attacks such as cross-site scripting (XSS), file inclusion and SQL injection. It may come in the form of an appliance, server plugin, or filter, and may be customized to an application.
By deploying a WAF in front of a web application, a virtual shield is placed between the web application and the Internet. While a proxy server protects the client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF runs upon the set of rules often called policies. These policies help to protect against vulnerabilities in the application by filtering out malicious traffic.
Remote Desktop Guard (RDPGUARD)
RDP (Remote Desktop) allows users to connect to a remote server from anywhere. Indeed RDP is a very useful feature, however it also has several security issues. When a malicious user launches the network/port scanners or RDP brute-force attacks on Windows servers, thousands of failed login attempts are generated and pages of events are being logged. Such attacks abuse your dedicated server resources (CPU, RAM, Disk Space and Network Bandwidth) and degrade the overall functionality of the server.
To prevent them, host-based intrusion prevention system (HIPS) like RdpGuard is implemented. This protects servers from brute-force attacks on various protocols and services (RDP, FTP, SMTP, MySQL, MS-SQL, IIS Web Login, etc). It monitors the audit logs and detects failed login attempts. If the number of failed login attempts from a single IP address exceeds the normal limit, the IP address will be blocked immediately.