CSP-Built Security Vs. Third-Party Cloud-Native Security

Cloud security is essential for ensuring the safety and integrity of data and applications in the cloud. Organizations often face a choice between using cloud service provider (CSP) proprietary security solutions and third-party security solutions. Understanding the differences and benefits of each can help in making an informed decision.

Cloud Security: The Technology Decision

As cloud ecosystems gain complexity, organizations face critical decisions regarding their security strategies. Two primary options exist: leveraging security solutions provided by cloud service providers (CSPs) or adopting third-party cloud-native security solutions from specialized vendors. Exploring the differences, advantages, and challenges of both approaches helps in making an informed decision.

CSP-Built Security Tools

With cloud services come CSP proprietary tools that offer deep integration with respective cloud platforms. In addition to providing seamless user experiences, they often include advanced features tailored to the capabilities of the cloud service provider, which makes them highly effective for users invested in a single cloud ecosystem. CSP tools ensure tight security, compliance, and monitoring capabilities, leveraging the native infrastructure to its fullest potential.

AWS Security Hub, Azure Security Center, and Google Cloud Security Command Center are examples of CSP proprietary tools. Each is designed to integrate tightly with its respective cloud platform:

  • AWS Security Hub provides a comprehensive view of security alerts and compliance status across AWS accounts. It aggregates, organizes, and prioritizes security findings from multiple AWS services and partner products.
  • Azure Security Center helps manage security across Azure services and on-premises environments. It provides unified security management and threat protection for workloads running in Azure, on-premises, and in other clouds.
  • Google Cloud Security Command Center offers a centralized dashboard to help manage and improve the security of Google Cloud resources. It allows users to identify and remediate vulnerabilities, detect threats, and ensure compliance with security policies.

While these tools leverage the specific capabilities and integrations of their respective cloud platforms, most third-party cloud-native tools offer cross-platform compatibility.

Cloud-Native Application Protection Platform (CNAPP)

In contrast to CSP-built security tools, third-party cloud-native tools enable users to manage and secure applications across multicloud and hybrid cloud environments.

CNAPP solutions, for instance, provide comprehensive security capabilities that span multiple cloud environments, giving organizations consistent protection and visibility across diverse cloud infrastructures. Designed to protect cloud-native applications throughout their lifecycle, CNAPPs encompass multiple security functions: continuous visibility, threat detection and response, compliance management, identity and access management (IAM), workload protection, automated remediation, and more. They also integrate with DevOps tools to embed security into the software development lifecycle (SDLC), ensuring continuous protection from code to cloud. The capability areas a CNAPP typically consolidates include:

  • Cloud Security Posture Management (CSPM)
  • Data Security Posture Management (DSPM)
  • AI Security Posture Management (AI-SPM)
  • Cloud Infrastructure Entitlement Management (CIEM)
  • Cloud Workload Protection (CWP)

While CSP proprietary tools excel in seamless integration within their cloud environments, third-party tools like CNAPP provide broader coverage, allowing organizations to adopt a multicloud strategy without sacrificing security and compliance.

Integration and Compatibility

CSP proprietary security solutions provide seamless integration within their ecosystems, leveraging native infrastructure to deliver enhanced security, compliance, and monitoring capabilities. Users benefit from a cohesive experience, as these tools are designed to work harmoniously with other services offered by the cloud provider.

Third-party cloud-native security solutions offer cross-platform flexibility, enabling organizations to manage and secure their applications across multiple cloud environments. This flexibility reduces vendor lock-in and allows for a more versatile security strategy, catering to organizations that adopt a multicloud or hybrid cloud approach.

Feature Set and Capabilities

CSP security solutions come with built-in security controls optimized for their environments. These controls ensure that users can easily implement security best practices and maintain compliance with regulatory requirements.

Third-party security solutions often provide advanced features that go beyond the capabilities of native tools. These features include comprehensive visibility, threat detection, and compliance management across diverse cloud infrastructures. By integrating with various other security tools and technologies, third-party solutions offer a holistic approach to cloud security.

The Multicloud Challenge

The challenges of a multicloud ecosystem come in many forms: identity, data flow, and the comprehensive context needed for risk prioritization and attack path analysis.

Implementing Least-Privileged Access

Consider the complexity of cloud identity and access management (IAM) frameworks. Even in the best of circumstances, that complexity poses significant challenges for security practitioners. In public cloud environments, the aim remains to enforce least-privileged access to reduce the attack surface. CSP proprietary tools, however, often fall short in effectively identifying and managing net-effective permissions.

CSP proprietary tools, like AWS Security Hub, Azure Security Center, and Google Cloud Security Command Center, offer prebuilt privileges and managed permissions to help organizations get started with IAM policies.

Despite these initial conveniences, these tools require organizations to manually assess the raw permission constructs: allow and deny statements, service control policies (SCPs), and permission boundaries. The manual assessment becomes a daunting and error-prone task, especially when external identity providers (IdPs) and single sign-on (SSO) providers, such as Okta and Azure Active Directory, add another layer of complexity.

The integration of IdPs can create gaps in visibility and make it difficult to accurately determine user access, increasing the risk of security breaches and regulatory noncompliance.
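The manual assessment described above can be made concrete. The following is an added example, not code from the article or from any vendor product: a small evaluator that combines identity policies, a permissions boundary and an organization SCP in the order AWS documents (any explicit Deny wins; otherwise every layer must contain a matching Allow) and then enumerates the net-effective permission set for a principal. The policies and ARNs are constructed, and NotAction, NotResource, Condition blocks, resource-based policies and session policies are deliberately out of scope.

```python
"""Net-effective permission evaluator for an AWS-style principal (added example).

Combines identity policies, a permissions boundary and organization SCPs:
an explicit Deny in any layer wins; otherwise the SCP layer, the boundary
(when attached) and the identity policies must each contain an Allow.
NotAction/NotResource, Condition blocks, resource-based and session
policies are out of scope, which is exactly why a real evaluator has more
to do than this toy.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' one character.
    # Action names are case-insensitive; resource ARNs are not.
    if fold_case:
        return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def _layer_decision(policies, action, resource):
    """Return 'Deny', 'Allow' or 'Implicit' for one layer of policy documents."""
    decision = "Implicit"
    for doc in policies:
        for stmt in _as_list(doc.get("Statement", [])):
            if not (_matches(stmt.get("Action", []), action, fold_case=True)
                    and _matches(stmt.get("Resource", []), resource)):
                continue
            if stmt.get("Effect") == "Deny":
                return "Deny"          # explicit deny ends evaluation of the layer
            if stmt.get("Effect") == "Allow":
                decision = "Allow"     # keep scanning in case a Deny follows
    return decision


def net_effective(action, resource, identity_policies, boundary=None, scps=()):
    """Decide one request: 'Allow' or 'Deny' after all layers are combined."""
    layers = [
        _layer_decision(scps, action, resource) if scps else "Allow",
        _layer_decision([boundary], action, resource) if boundary else "Allow",
        _layer_decision(identity_policies, action, resource),
    ]
    if "Deny" in layers:
        return "Deny"
    # An 'Implicit' result in any layer is an implicit deny.
    return "Allow" if all(d == "Allow" for d in layers) else "Deny"


def effective_actions(candidates, resource, identity_policies, boundary=None, scps=()):
    """The net-effective permission set: which candidate actions actually work."""
    return sorted(a for a in candidates
                  if net_effective(a, resource, identity_policies, boundary, scps) == "Allow")


# Constructed sample policies for a data-engineering role in one account.
IDENTITY = [{"Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::finance-bucket/*"},
    {"Effect": "Deny", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::finance-bucket/payroll/*"},
]}]
BOUNDARY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*"},
]}
SCPS = [{"Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
]}]
CANDIDATES = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"]

if __name__ == "__main__":
    for res in ("arn:aws:s3:::finance-bucket/reports/q1.csv",
                "arn:aws:s3:::finance-bucket/payroll/2024.csv"):
        print(res, "->", effective_actions(CANDIDATES, res, IDENTITY, BOUNDARY, SCPS))
```

Reading the identity policy alone suggests the role has full S3 access to the bucket; the boundary removes ListBucket, the SCP removes DeleteObject, and the identity-level Deny removes GetObject on the payroll prefix, which is the kind of layering a CIEM tool computes automatically.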

Cloud Infrastructure Entitlement Management

CIEM tools address these limitations by auto-calculating net-effective permissions across cloud and multicloud environments. CIEM tools, such as Prisma Cloud, provide a centralized platform for managing and monitoring access rights. They offer features like near real-time monitoring, automated workflows, and intelligent graph visualizations, making it easier to identify and remediate overly permissive access.

By unifying multicloud IAM policy models and mapping external IdPs to the CSP IAM framework, CIEM tools simplify the enforcement of least-privileged access. Organizations using CIEM tools can effectively reduce their attack surface and enhance their cloud security posture, ensuring consistent security across all cloud environments.

Securing Data

In practice, an organization using CSP proprietary tools might secure data within a single cloud platform effectively but struggle to maintain the same level of security across multiple clouds. Sensitive data, for instance, might be securely stored and monitored within AWS, but when transferred to Azure for analytics, CSP tools lack the capability to track and secure the data in the new environment. This limitation increases the risk of data breaches, as well as compliance violations.

DSPM & DDR

Data security posture management (DSPM) solutions continuously scan all cloud environments to identify where sensitive data resides, classify it based on its risk level, and monitor how it’s accessed and processed. Complete visibility enables organizations to enforce consistent security policies and detect potential vulnerabilities that CSP tools miss.

Data detection and response (DDR) goes a step further by providing near real-time data monitoring and response capabilities, allowing security teams to detect suspicious activities or data exfiltration attempts as they happen. By integrating DSPM and DDR, organizations gain the ability to proactively manage data security risks, respond swiftly to incidents, and protect sensitive data across all cloud environments, regardless of the underlying CSP.
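The DSPM-plus-DDR pairing described above, as an added example that is not code from the article or from any product: a DSPM-style inventory records where sensitive data lives, its classification and which principals are expected to read it, and a DDR-style rule set scores access events against that inventory so that reads of high-risk data by an unexpected principal, or bulk reads of it, are raised as they happen. The inventory, the principals and the CloudTrail-like events are all constructed.

```python
"""DSPM inventory plus DDR rules over an access-event stream (added example).

The inventory supplies data classification and expected readers; the
rules flag high-risk reads by non-owners and bulk reads of high-risk
objects. Event records are constructed and trimmed to the fields used.
"""
from collections import defaultdict

# Constructed DSPM inventory: object-key prefix -> classification, risk, owners.
INVENTORY = {
    "arn:aws:s3:::finance-bucket/payroll/": {
        "class": "PII", "risk": "high", "owners": {"role/PayrollApp"}},
    "arn:aws:s3:::finance-bucket/reports/": {
        "class": "internal", "risk": "low", "owners": {"role/PayrollApp", "role/Analyst"}},
}

READ_EVENTS = {"GetObject", "CopyObject", "SelectObjectContent"}


def classify(resource):
    """Longest-prefix match of a resource ARN against the DSPM inventory."""
    hits = [(p, m) for p, m in INVENTORY.items() if resource.startswith(p)]
    return max(hits, key=lambda pm: len(pm[0]))[1] if hits else None


def ddr_alerts(events, bulk_threshold=3):
    """Evaluate a batch of access events in order; return a list of alert dicts."""
    alerts = []
    high_risk_reads = defaultdict(set)   # principal -> distinct high-risk objects read
    seen_unexpected = set()              # (principal, resource) pairs already alerted
    for ev in events:
        meta = classify(ev["resource"])
        if meta is None or ev["eventName"] not in READ_EVENTS:
            continue                     # unclassified data or a non-read API call
        if meta["risk"] != "high":
            continue                     # low-risk data is inventoried but not alerted on
        principal, resource = ev["principal"], ev["resource"]
        if principal not in meta["owners"] and (principal, resource) not in seen_unexpected:
            seen_unexpected.add((principal, resource))
            alerts.append({"rule": "unexpected-principal", "principal": principal,
                           "resource": resource, "class": meta["class"],
                           "time": ev["eventTime"]})
        high_risk_reads[principal].add(resource)
        if len(high_risk_reads[principal]) == bulk_threshold:
            alerts.append({"rule": "bulk-read", "principal": principal,
                           "count": bulk_threshold, "time": ev["eventTime"]})
    return alerts


# Constructed event stream (CloudTrail-like fields, trimmed to what the rules use).
EVENTS = [
    {"eventTime": "2024-06-01T09:00:00Z", "eventName": "GetObject", "principal": "role/PayrollApp",
     "resource": "arn:aws:s3:::finance-bucket/payroll/2024-05.csv"},
    {"eventTime": "2024-06-01T09:01:00Z", "eventName": "GetObject", "principal": "role/Analyst",
     "resource": "arn:aws:s3:::finance-bucket/reports/q1.csv"},
    {"eventTime": "2024-06-01T09:02:00Z", "eventName": "GetObject", "principal": "role/Analyst",
     "resource": "arn:aws:s3:::finance-bucket/payroll/2024-05.csv"},
    {"eventTime": "2024-06-01T09:03:00Z", "eventName": "PutObject", "principal": "role/Analyst",
     "resource": "arn:aws:s3:::finance-bucket/payroll/notes.txt"},
    {"eventTime": "2024-06-01T09:04:00Z", "eventName": "GetObject", "principal": "user/contractor",
     "resource": "arn:aws:s3:::finance-bucket/payroll/2024-01.csv"},
    {"eventTime": "2024-06-01T09:04:01Z", "eventName": "GetObject", "principal": "user/contractor",
     "resource": "arn:aws:s3:::finance-bucket/payroll/2024-02.csv"},
    {"eventTime": "2024-06-01T09:04:02Z", "eventName": "GetObject", "principal": "user/contractor",
     "resource": "arn:aws:s3:::finance-bucket/payroll/2024-03.csv"},
]

if __name__ == "__main__":
    for a in ddr_alerts(EVENTS):
        print(a["time"], a["rule"], a["principal"], a.get("resource", a.get("count")))
```

The owner's read of payroll data and the analyst's read of low-risk reports produce nothing; the analyst's payroll read and the contractor's three payroll reads produce the alerts, with the bulk-read rule firing on the third contractor read.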

Cost and Licensing Considerations

CSP security solutions are typically cost-efficient, as they’re designed to work within the existing cloud service provider’s ecosystem. Users can take advantage of bundled pricing and streamlined billing processes.

Investing in third-party security solutions may involve additional costs, but these solutions can offer significant value through specialized features and cross-platform capabilities. Organizations must weigh the potential benefits against the costs to determine the best fit for their needs.

Customization and Flexibility

CSP security solutions are optimized for their native environments, providing users with tools that are specifically designed to work within the cloud provider’s infrastructure. This optimization ensures efficient performance and ease of use.

Third-party security solutions offer extensive customization options, allowing organizations to tailor their security measures to meet specific requirements. These solutions can adapt to various cloud environments, providing a flexible approach to cloud security.

Compliance and Regulatory Alignment

CSP security solutions often include built-in compliance features that help organizations adhere to regulatory requirements. These features leverage the cloud provider’s infrastructure to ensure that compliance is maintained seamlessly.

Third-party security solutions offer comprehensive compliance support across different environments, helping organizations navigate complex regulatory landscapes. By providing a unified view of compliance across multiple cloud platforms, these solutions simplify the management of regulatory requirements.

Scalability and Performance

CSP security solutions are designed to scale within their respective environments, ensuring that security measures grow alongside the organization’s cloud usage. This native scalability ensures that performance remains consistent as demand increases.

Third-party security solutions are built to offer high scalability across platforms, making them ideal for organizations with multicloud and hybrid environments. These solutions can adapt to varying workloads and provide consistent security coverage, regardless of the underlying infrastructure.

Support and Expertise

CSPs provide support for their native security solutions, offering users access to expertise and resources that are specific to the cloud provider’s environment. This support can be invaluable for organizations that rely heavily on a single cloud platform.

Third-party security vendors offer specialized support and consultancy services, helping organizations implement and optimize their security measures. This expertise spans multiple cloud environments, providing valuable insights and guidance for complex security challenges.

Real-World Applications

Numerous organizations successfully use CSP security solutions to protect their cloud environments. For example, enterprises leveraging AWS Security Hub, Azure Security Center, or Google Cloud Security Command Center benefit from seamless integration and optimized security features.

Case studies also highlight the advantages of third-party security tools. Organizations adopting solutions such as CNAPP, CSPM, DSPM, AI-SPM, CIEM, and CWP gain security coverage and flexibility that span platforms, and that cross-platform coverage is what eliminates blind spots and ensures that security policies are applied consistently.

Prisma Cloud

Prisma Cloud provides a holistic, centralized approach to cloud-native security, integrating a broad set of capabilities into a single Code to Cloud platform.

Core Features

  • CNAPP: Protect cloud-native applications and infrastructure across the lifecycle — code, build, deploy, and run.
  • Attack Path Analysis: Identify interrelated risk signals that form exploitable pathways to critical assets.
  • Code to Cloud Intelligence: Connect runtime insights to the developer environments to eliminate risk at the source.
  • Copilot: Ask questions in the product to easily understand and resolve risks with the Prisma Cloud Copilot, powered by Palo Alto Networks Precision AI™.
  • IaC Security: Identify and fix misconfigurations in Terraform, CloudFormation, ARM, Kubernetes, and other IaC templates.
  • Secrets Security: Find and secure exposed and vulnerable secrets across all files in repositories and CI/CD pipelines.
  • CI/CD Security: Harden CI/CD pipelines, reduce the attack surface, and protect your application development environment.
  • Software Composition Analysis: Address open-source vulnerabilities and license compliance issues with context-aware prioritization.
  • Cloud Security Posture Management (CSPM): Monitor posture, remove critical risks, and maintain compliance.
  • Data Security Posture Management (DSPM): Discover, classify, and protect data in cloud environments. Prevent exfiltration and compliance violations.
  • AI Security Posture Management (AI-SPM): Gain visibility and control over AI models, data, and the AI supply chain. Stop new attack vectors before they materialize.
  • Cloud Infrastructure Entitlement Management (CIEM): Gain control over permissions across multicloud environments.
  • Agentless Workload Scanning: Scan hosts, containers, Kubernetes, and serverless for vulnerabilities and threats.
  • Cloud Discovery and Exposure Management (CDEM): Increase visibility and control over unknown, unmanaged cloud assets exposed to the internet.
  • Cloud Threat Detection: Detect advanced threats, zero-day attacks, and anomalies across multicloud environments.
  • Cloud Workload Protection: Secure Linux hosts, Windows hosts, containers, Kubernetes, and serverless functions across public and private clouds.
  • Web Application and API Security (WAAS): Protect web applications and APIs across any public or private cloud.

Cloud-Native Security FAQs

The market definition of CNAPP, as given in Gartner’s 2024 Market Guide for Cloud-Native Application Protection Platforms, is:

“Cloud-native application protection platforms (CNAPPs) are a unified and tightly integrated set of security and compliance capabilities designed to protect cloud-native infrastructure and applications.

CNAPPs incorporate an integrated set of proactive and reactive security capabilities, including artifact scanning, security guardrails, configuration and compliance management, risk detection and prioritization, and behavioral analytics, providing visibility, governance and control from code creation to production runtime. CNAPP solutions use a combination of API integrations with leading cloud platform providers, continuous integration/continuous development (CI/CD) pipeline integrations, and agent and agentless workload integration to offer combined development and runtime security coverage.”

AWS Security Hub is a cloud-native security service that provides a centralized view of security alerts and compliance status across AWS accounts. It aggregates findings from multiple AWS services and third-party products, offering automated compliance checks against industry standards and best practices. Security Hub integrates with AWS Config, Amazon GuardDuty, and AWS Identity and Access Management, enabling continuous monitoring and streamlined incident response within the AWS ecosystem.

AWS CloudTrail is a service offered by Amazon Web Services that helps you govern, comply with regulations, and audit activity across your AWS infrastructure. It enables logging and continuous monitoring of account activity related to actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This service provides event history of your AWS account activities, including actions taken through the IAM, EC2, and other services, to help enhance security and simplify compliance audits.

Azure Security Center is a unified security management system that provides threat protection across hybrid cloud environments. It offers continuous assessment of security posture, automated threat detection, and actionable recommendations to enhance security. Security Center integrates with Azure Defender, providing advanced defenses for workloads running in Azure and on-premises. The platform enables organizations to maintain compliance with regulatory standards and effectively manage security risks.

Google Cloud Security Command Center (SCC) is a comprehensive security management and data risk platform for Google Cloud. SCC provides centralized visibility into security posture, detecting vulnerabilities, misconfigurations, and threats across Google Cloud resources. It integrates with Google Cloud services like Cloud Armor, Event Threat Detection, and Forseti Security, offering real-time insights and automated responses to security incidents. SCC helps organizations maintain robust security and compliance within the Google Cloud environment.

Integration and compatibility in cloud security refer to the seamless operation of security tools within a cloud environment, ensuring that they work harmoniously with other cloud-native services and infrastructure. Cloud-native security solutions are designed to integrate effortlessly with CSP platforms, enabling automated workflows, real-time monitoring, and consistent policy enforcement. Effective integration enhances overall security posture and simplifies management by providing a unified approach to security across the cloud ecosystem.

Cross-platform capabilities in cloud security enable security solutions to operate across multiple cloud environments and on-premises infrastructures. Third-party security tools often provide these capabilities, allowing organizations to manage security consistently across different platforms like AWS, Azure, and Google Cloud. Cross-platform solutions offer centralized visibility, unified policy enforcement, and comprehensive threat protection, facilitating seamless security management in hybrid and multicloud environments.

Automated monitoring in cloud security involves continuously observing cloud environments for potential security threats and compliance violations. Tools like AWS CloudWatch, Azure Monitor, and Google Cloud Operations Suite provide real-time insights into system activities, performance metrics, and security events. Automated monitoring enables rapid detection of anomalies, unauthorized access, and other suspicious activities, allowing organizations to respond swiftly and maintain security postures.

Managed security service providers (MSSPs) specialize in delivering comprehensive security services, including threat monitoring, incident response, and compliance management. They offer expertise in securing various environments, including on-premises, hybrid, and multicloud infrastructures.

Cloud service providers, like AWS, Azure, and Google Cloud, offer cloud computing services, including storage, compute, and network resources. While CSPs provide some native security tools, their primary focus is on cloud infrastructure. MSSPs enhance security by integrating advanced tools and providing continuous security monitoring and management, often across multiple CSP platforms.

Managed service providers (MSPs) offer a broad range of IT services, including network management, system administration, and technical support. CSPs deliver cloud infrastructure services like compute, storage, and networking. MSSPs focus specifically on security services, such as threat detection, incident response, and compliance management.

Cloud managed service providers (CMSPs) combine the roles of MSPs and CSPs, managing cloud infrastructure and services while also ensuring optimized performance and cost-efficiency. Each provider type addresses distinct needs, from general IT support to specialized security and cloud management.

Vulnerability management systems (VMS) identify, assess, and remediate security vulnerabilities within an organization's infrastructure. VMS tools scan for weaknesses in applications, networks, and systems, providing actionable insights to mitigate risks. MSSPs often integrate VMS into their service offerings, continuously monitoring client environments for vulnerabilities and ensuring timely remediation. CSPs provide some native VMS capabilities within their platforms, like AWS Inspector and Azure Security Center. MSSPs, though, typically offer more comprehensive VMS solutions, combining multiple tools and techniques to provide a holistic view of security vulnerabilities across diverse environments.

Compliance checks in cloud environments involve automated assessments to ensure that cloud configurations, policies, and practices align with regulatory standards and industry best practices. Tools like AWS Config, Azure Policy, and Google Cloud Security Command Center perform continuous evaluations, identifying deviations from compliance requirements. By providing real-time insights and actionable recommendations, compliance checks help organizations maintain adherence to regulations like GDPR, HIPAA, and PCI DSS, reducing the risk of legal and financial penalties.

Threat detection in the cloud involves identifying potential security threats and malicious activities within cloud environments. Cloud-native security tools use machine learning, anomaly detection, and threat intelligence to identify suspicious behaviors and indicators of compromise. Effective threat detection enables organizations to respond promptly to incidents, mitigating risks and protecting sensitive data from cyberattacks.

Advanced threat intelligence involves collecting, analyzing, and leveraging data on potential threats to enhance an organization’s security posture. Third parties like Palo Alto Networks provide in-depth threat intelligence services, offering insights into emerging threats, attack patterns, and vulnerabilities. By integrating advanced threat intelligence with cloud security tools, organizations gain proactive defenses, enabling them to anticipate and mitigate threats before they impact operations.

Security policies in the cloud define the rules and procedures for protecting cloud resources and data. These policies encompass access controls, encryption standards, incident response, and compliance requirements. Administrators use tools like AWS IAM policies, Azure Role-Based Access Control (RBAC), and Google Cloud IAM to enforce these rules. Effective security policies ensure consistent security measures, minimize risks, and help maintain compliance with regulatory standards across the cloud environment.

Customization in cloud security solutions allows organizations to tailor security measures to their specific needs and risk profiles. Third-party tools like Palo Alto Networks Prisma Cloud offer advanced customization options, enabling fine-tuning of security policies, threat detection parameters, and compliance checks. Customization ensures that security controls align with organizational objectives, industry regulations, and unique operational requirements, enhancing overall security effectiveness and resilience.

Cost efficiency in cloud security involves optimizing security investments to achieve maximum protection while minimizing expenses. Cloud-native solutions often provide cost advantages by integrating security features within the cloud service package, reducing the need for additional tools. Third-party solutions may involve higher upfront costs but offer advanced features that justify the investment. Organizations must balance cost with the level of security required to protect their assets effectively.

Licensing considerations for cloud security tools involve understanding the cost structures, usage limits, and feature sets associated with security solutions. Cloud-native tools like AWS Security Hub typically include costs in the overall cloud service package. Third-party solutions may require separate licensing fees based on factors like the number of protected assets, data volumes, or feature tiers. Evaluating licensing terms ensures organizations select tools that fit their budget and security needs.

Regulatory compliance in cloud security ensures that cloud services and practices adhere to legal and industry-specific regulations. Frameworks like GDPR, HIPAA, and PCI DSS mandate stringent data protection measures. Cloud-native tools and third-party solutions offer compliance checks and reporting features to help organizations meet these requirements. Maintaining compliance mitigates legal risks, protects sensitive data, and fosters trust with customers and stakeholders.

Scalability in cloud environments refers to the ability to dynamically expand or contract resources and security measures in response to changing demands. Cloud-native security solutions like AWS Auto Scaling and Azure Scale Sets automatically adjust resource allocation based on usage patterns. Third-party tools also offer scalable architectures that support growth and varying workloads. Scalability ensures optimal performance, cost efficiency, and robust security as organizational needs evolve.

Performance in cloud security measures the efficiency and effectiveness of security tools in protecting cloud resources without degrading system operations. High-performance security solutions provide real-time threat detection, minimal latency, and seamless integration with cloud services. Tools like Google Cloud Armor and AWS Shield deliver robust protection while maintaining system responsiveness. Ensuring high performance in cloud security minimizes disruptions and enhances user satisfaction.

CSP support refers to the technical assistance and resources provided by cloud service providers (CSPs) to help customers manage and secure their cloud environments. Providers like AWS, Azure, and Google Cloud offer support plans, documentation, and expert consultations to address security issues, optimize configurations, and ensure compliance. CSP support enhances the overall security posture by providing access to specialized knowledge and timely problem resolution.

Specialized vendor support refers to the expert assistance provided by third-party security vendors to help organizations implement, manage, and optimize their security solutions. Vendors like Palo Alto Networks and Fortinet offer dedicated support teams, consultancy services, and training programs. Specialized support ensures that security tools are deployed effectively, configurations are optimized, and emerging threats are promptly addressed, enhancing overall security resilience.

Hybrid cloud security involves securing infrastructures that span both on-premises data centers and cloud environments. Solutions like Microsoft Azure Arc and AWS Outposts extend cloud security controls to on-premises resources, ensuring consistent protection across all environments. Hybrid cloud security strategies address challenges like data sovereignty, compliance, and secure connectivity, providing a unified approach to safeguarding assets regardless of their location.

Security controls in the cloud are mechanisms and policies designed to protect cloud resources and data. These controls include access management, encryption, network security, and monitoring. Tools like AWS IAM, Azure Security Center, and Google Cloud Identity provide built-in controls to enforce security best practices. Effective implementation of security controls mitigates risks, ensures compliance, and maintains the integrity and confidentiality of cloud environments.

Risk assessment in cloud security involves systematically identifying, evaluating, and prioritizing potential threats and vulnerabilities within a cloud environment. Security teams use qualitative and quantitative methods, including threat modeling, vulnerability scanning, and penetration testing. They assess the likelihood and impact of each risk, considering factors like misconfigurations, unauthorized access, and data breaches. Effective risk assessment informs the implementation of targeted security controls, ensuring a robust defense against evolving threats.

Data protection in the cloud involves safeguarding sensitive information from unauthorized access, breaches, and loss. Techniques include encryption for data at rest and in transit, access controls, and regular backups. Security frameworks and compliance standards, such as GDPR and HIPAA, guide data protection practices. Tools like AWS Key Management Service (KMS), Azure Information Protection, and Google Cloud Data Loss Prevention help organizations implement robust data protection measures, ensuring confidentiality, integrity, and availability.

Cybersecurity strategies for cloud environments encompass a comprehensive set of practices and tools designed to protect cloud resources and data. Key components include implementing multifactor authentication (MFA), using encryption, conducting regular risk assessments, and employing continuous monitoring. Security frameworks like NIST and ISO/IEC 27001 provide guidelines for best practices. Organizations also leverage cloud-native security tools and third-party solutions to enhance threat detection, compliance, and incident response, ensuring a resilient security posture.