App and Infrastructure Cloaking
- Updated on 20 Sep 2022
On-premises applications have traditionally been invisible to outside attackers thanks to perimeter firewalls. Software as a Service (e.g. Microsoft 365, Salesforce), Infrastructure as a Service (e.g. AWS, GCP), and other cloud-based technologies are not locked down like this by default.
In many cases these applications can be reached from anywhere on the Internet, with access to data gated only by some form of user authentication.
Multi-factor authentication (MFA) has massively reduced credential-based attacks in which an attacker holding only a stolen password logs in as if they were a legitimate user. However, MFA on its own does not stop more targeted credential-theft attacks, such as real-time phishing that relays the MFA prompt to the victim, or theft of the session token issued after MFA has already succeeded.
This leaves the security of data and resources stored in the public or private cloud resting entirely on the strength of user authentication, regardless of which device or network the request comes from.
Cloaking Resources from the Open Internet
The best way to prevent an attack on these data resources is to eliminate their discoverability and accessibility from the open Internet as much as possible.
This means that an attacker, fully equipped with valid employee credentials (MFA included) and even knowledge of the system(s) they want to exploit, will simply not be able to reach those systems from an unsanctioned device.
For SaaS applications, an attacker won't be able to log in to the application they are trying to reach.
For IaaS and private cloud, an attacker won't even get to the login screen: not a single packet will reach the target service, let alone get a response back.
This is accomplished by Enabling Access for Trusted Devices, followed by Restricting Access for Anonymous Devices.
The net effect is simple: only sanctioned devices are able to "see" sensitive applications – for everyone else, the app is completely invisible.
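To make the two steps concrete, here is a minimal access-proxy policy written as an added illustration for this page; it is not the product's own code. It models the IaaS case (the origin only accepts packets from the proxy's egress range, so nobody else even reaches a login page) and the device check at the proxy front door (the request must carry a proof produced with a key issued to the device at enrollment, checked before the user's MFA result is considered). The egress range, device IDs, enrollment keys and request fields are all constructed for the example; a real deployment would use a device certificate or TPM-backed key rather than the per-device HMAC key used here.

```python
"""Minimal "cloaking" policy, added as an illustration (not the product's code).

Two checks run before the user's credentials are ever considered:
  1. Network layer (IaaS / private cloud): the origin accepts packets only from
     the access proxy's egress range, so an outsider never reaches a login page.
  2. Device layer (at the proxy): the request must prove it came from an enrolled
     device. The proof here is an HMAC-SHA256 over the request using a per-device
     key issued at enrollment (a stand-in for a device certificate / TPM key);
     a stolen password or MFA code does not give the attacker that key.

All addresses, device IDs, keys and requests below are constructed for the example.
"""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# Hypothetical egress range of the access proxy (TEST-NET-3 from RFC 5737).
PROXY_EGRESS = ipaddress.ip_network("203.0.113.0/24")

# Hypothetical enrollment registry: device_id -> per-device secret key.
DEVICE_KEYS: Dict[str, bytes] = {
    "laptop-0042": hashlib.sha256(b"constructed enrollment key for laptop-0042").digest(),
}


@dataclass(frozen=True)
class Request:
    src_ip: str
    path: str
    nonce: str                          # per-request challenge issued by the proxy
    mfa_passed: bool                    # outcome of the user's password + MFA check
    device_id: Optional[str] = None
    device_proof: Optional[str] = None  # hex HMAC-SHA256, present only on enrolled devices


def origin_accepts(src_ip: str) -> bool:
    """IaaS origin rule: drop anything not coming from the proxy.
    In practice this is a security-group / firewall rule, not application code."""
    return ipaddress.ip_address(src_ip) in PROXY_EGRESS


def _canonical(device_id: str, path: str, nonce: str) -> bytes:
    # Binding the nonce into the MAC stops a captured proof from being replayed.
    return f"{device_id}\n{path}\n{nonce}".encode()


def sign_request(device_id: str, path: str, nonce: str) -> str:
    """Runs on the enrolled device: prove possession of its enrollment key."""
    return hmac.new(DEVICE_KEYS[device_id], _canonical(device_id, path, nonce),
                    hashlib.sha256).hexdigest()


def device_trusted(req: Request) -> bool:
    """Runs at the proxy: true only if the registered key for req.device_id
    produced req.device_proof for exactly this path and nonce."""
    if req.device_id is None or req.device_proof is None:
        return False
    key = DEVICE_KEYS.get(req.device_id)
    if key is None:
        return False
    expected = hmac.new(key, _canonical(req.device_id, req.path, req.nonce),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, req.device_proof)  # constant-time compare


def proxy_decision(req: Request) -> str:
    """Order matters: device trust is evaluated before the MFA result, so a
    compromised user account on an unenrolled device never sees the application."""
    if not device_trusted(req):
        return "deny: device not enrolled"
    if not req.mfa_passed:
        return "deny: authentication failed"
    return "allow"


def scenarios() -> Dict[str, str]:
    """Constructed requests covering the cases discussed on the page."""
    good_proof = sign_request("laptop-0042", "/api/records", "nonce-1")
    return {
        # Attacker holds valid credentials and a fresh MFA code, but no enrolled device.
        "attacker_with_stolen_mfa": proxy_decision(Request(
            "198.51.100.7", "/api/records", "nonce-2", mfa_passed=True)),
        # Attacker guesses a device ID and fabricates a proof.
        "attacker_forged_proof": proxy_decision(Request(
            "198.51.100.7", "/api/records", "nonce-3", mfa_passed=True,
            device_id="laptop-0042", device_proof="00" * 32)),
        # Attacker replays a proof sniffed from the real device (issued for nonce-1).
        "attacker_replayed_proof": proxy_decision(Request(
            "198.51.100.7", "/api/records", "nonce-4", mfa_passed=True,
            device_id="laptop-0042", device_proof=good_proof)),
        # Legitimate employee on an enrolled device, MFA succeeded.
        "enrolled_device_mfa_ok": proxy_decision(Request(
            "192.0.2.10", "/api/records", "nonce-1", mfa_passed=True,
            device_id="laptop-0042", device_proof=good_proof)),
        # Enrolled device, but the user failed MFA: still denied, just later.
        "enrolled_device_mfa_failed": proxy_decision(Request(
            "192.0.2.10", "/api/records", "nonce-1", mfa_passed=False,
            device_id="laptop-0042", device_proof=good_proof)),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:28s} -> {verdict}")
    print("origin accepts packet from proxy:", origin_accepts("203.0.113.10"))
    print("origin accepts packet from attacker:", origin_accepts("198.51.100.7"))
```

The point the example makes is the evaluation order: every attacker scenario is rejected at the device step, before the MFA result is even consulted, and in the IaaS case `origin_accepts` rejects the packet before the proxy logic runs at all. Replacing the HMAC key with a device certificate or hardware-backed key makes the proof non-exportable, which is what keeps it out of reach of credential theft.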
Cloaking Benefits
- Prevents attackers from discovering apps or infrastructure that could prompt further attack escalation and exploit attempts.
- Prevents attackers who have successfully executed a credential-theft attack from accessing apps and data as the compromised user.
- Enables comprehensive visibility, reporting, and exporting (for example, via SIEM) of cloud application access activity for any SaaS or IaaS app.
- Mitigates DDoS attacks that could impact app availability.