Account Takeovers and Cloud Security, Part 3: The Anti-Phishing Solution

Having already looked at the challenges of moving to the cloud and at how attackers gain control of a victim’s account, in this third and final post in our cloud security series we look at how an in-depth approach to defense is required to prevent account takeovers.


As discussed, the primary method attackers use to gain unauthorized access to a user’s account is a phishing attack, most commonly achieved by stealing the user’s login credentials by way of social engineering.

Requirements of a Cloud Security Solution


To prevent such phishing attacks, an in-depth security solution needs to detect phishing attempts by scanning the content of emails, the trustworthiness of the sender, specially researched keywords and a list of other such variables.


Many solutions perform this scanning on traffic received from outside an organization’s network, but fail to inspect traffic that originates from within the network. It is vital for a solution to scan internal emails as well, because phishing scams can very easily be spread from an already compromised account.


A solution that does perform internal scans must also work in harmony with the existing security of the cloud provider and perform its security checks from within the email cloud service. Most solutions currently available on the cyber security market do not do this, and often demand that the security features that come with the cloud service itself be shut down.


Before this solution can be put in place, though, it is vital to ensure your IT environment is clean. To do this, your cloud security solution should include ‘anomaly monitoring’ to detect anomalies such as forwarding rules, i.e. a compromised account sending malicious emails to external users.
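One way to implement the forwarding-rule check described above, as an added example that is not part of the original post or of any product's code. The event format, field names and domains are constructed for illustration, and the two extra signals (deleting the local copy, a recent login from a new location) are assumptions that go slightly beyond the text.

```python
from datetime import datetime, timedelta

# Assumption: the organization's own mail domains.
INTERNAL_DOMAINS = {"example.com"}

# Constructed audit events; field names are hypothetical, not a provider schema.
EVENTS = [
    {"time": "2024-03-04T09:12:00", "user": "alice@example.com",
     "action": "login", "new_location": True},
    {"time": "2024-03-04T09:15:00", "user": "alice@example.com", "action": "rule_created",
     "forward_to": ["drop@mail.example.net"], "delete_after_forward": True},
    {"time": "2024-03-04T10:00:00", "user": "bob@example.com", "action": "rule_created",
     "forward_to": ["bob.assistant@example.com"], "delete_after_forward": False},
    {"time": "2024-03-04T11:30:00", "user": "carol@example.com", "action": "rule_created",
     "forward_to": ["carol@partner.example.org"], "delete_after_forward": False},
]

def is_external(address, internal=INTERNAL_DOMAINS):
    """True when the address is outside the internal domains and their subdomains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return not any(domain == d or domain.endswith("." + d) for d in internal)

def find_forwarding_anomalies(events, window=timedelta(hours=1)):
    """Flag new mailbox rules that forward mail outside the organization."""
    findings, risky_login = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["action"] == "login" and ev.get("new_location"):
            risky_login[ev["user"]] = ts  # remember for correlation below
            continue
        if ev["action"] != "rule_created":
            continue
        targets = [a for a in ev.get("forward_to", []) if is_external(a)]
        if not targets:
            continue  # internal-only forwarding is not flagged
        reasons = ["forwards to external address"]
        if ev.get("delete_after_forward"):
            reasons.append("deletes local copy")
        seen = risky_login.get(ev["user"])
        if seen is not None and ts - seen <= window:
            reasons.append("created soon after login from new location")
        findings.append({"user": ev["user"], "targets": targets, "reasons": reasons,
                         "severity": "high" if len(reasons) > 1 else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_forwarding_anomalies(EVENTS):
        print(finding)
```
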


Of course, detection alone is never sufficient. Prevention is always paramount, so your cloud security solution must protect the last line of defence in your network security architecture by applying identity protections that prevent unauthorized access to accounts. Such identity protections must be able to deflect phishing attempts and yet still be easy to deploy, with zero friction for users.


Cross Platform Essentials


Such protections must also be cross-platform and able to prevent intrusions on mobile devices, laptops, BYODs and managed devices. What’s more, they must seamlessly support both native and in-browser apps, something that currently available solutions often struggle to do.


Mobile devices pose additional problems and entry points for potential account takeovers by way of man-in-the-middle attacks, rooted mobile devices and devices with pre-installed malware. In order for your organization to prevent unauthorized access to sensitive corporate assets via such methods, the cloud solution must prevent these compromised devices from affecting the rest of the network.


Introducing CloudGuard SaaS


Powered by the Infinity Architecture, and as part of a comprehensive suite of products that deliver proactive protections for cloud data, workloads, networks and applications that fit with the dynamic nature of the cloud, CloudGuard is able to handle all of the above requirements and more. What’s more, it can be deployed in just one click.


In addition, other cloud solutions are not synchronized with the security settings of cloud providers, which causes many false positives when traffic reaches the internal network. Because it is built on technology that is unique and different from other cloud solutions, CloudGuard is able to perform internal scans while remaining in harmony with the security settings of your existing cloud provider.


CloudGuard SaaS is also the only security solution that is built from the ground up to prevent cyber criminals from hacking SaaS applications. While most SaaS security solutions offer only visibility and control over application policies, CloudGuard SaaS provides complete protections against even the most sophisticated malware and zero-day threats while easily preventing account breaches.


Account takeovers, and the pain that accompanies them, really are preventable. For more information on CloudGuard, please read more about this unique solution to understand how it can protect your organization’s most sensitive assets.