App and Infrastructure Cloaking
  • 20 Sep 2022
  • 1 Minute to read
  • Dark
  • PDF

App and Infrastructure Cloaking

  • Dark
  • PDF

Article summary

While on-premise apps have traditionally been invisible to outside attackers thanks to perimeter-based firewalls, the adoption of Software as a Service (e.g. Microsoft 365, Salesforce), Infrastructure as a Service (e.g. AWS, GCP), and and other cloud-based technologies are not inherently locked down like this.

In many cases, these applications can be reached from anywhere, with data access gated only by some form of authentication.

Multi-factor authentication (MFA) has massively reduced credential-based attacks in which an attacker manages to log in, as if they were a legitimate user. However, MFA does not help to protect against more targeted credential theft attacks.

This leaves the accessibility of data and resources stored in the (private) cloud completely up to the efficacy of user authentication mechanisms, regardless of underlying device or network.

Cloaking Resources from the Open Internet

The best way to prevent an attack on these data resources is to eliminate their discoverability and accessibility from the open Internet as much as possible.

This means that an attacker – fully equipped with valid employee MFA credentials and even knowledge of the system(s) they want to exploit – will simply not be able to access those systems from their unsanctioned device.

For SaaS applications, an attacker won't be able to login to the application they are trying to reach.

For IaaS and private cloud, an attacker won't even get to the login screen or even get a single packet to reach the target service for that matter, let alone get a response back.

This is accomplished by Enabling Access for Trusted Devices, followed by Restricting Access for Anonymous Devices.

The net effect is simple: only sanctioned devices are able to "see" sensitive applications – for everyone else, the app is completely invisible.

Cloaking Benefits

  • Prevents attackers from discovering apps or infrastruture that could prompt futher attack escalation and exploit attempts.
  • Prevents attackers that have successfully executed a credential-theft attack from being able to access apps and data as the compromised user.
  • Enables comprehensive visibility, reporting, and exporting (for example, via SIEM) of cloud application access activity for any SaaS or IaaS app.
  • Mitigates DDoS attacks that could impact app availability.

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.