Cloud-sourcing: Using Global Threat Intelligence to Instantly Protect Your Cloud Assets

By Jonathan Maresky, CloudGuard Product Marketing Manager, published October 21, 2020  

When it comes to security in the cloud, companies face constant, daily threats. This situation has only been exacerbated by the COVID-19 pandemic. In just 10 of the biggest data breaches in 2020, over 3.2 billion records were exposed, the majority of them from medical and healthcare organizations.

The intensity of these new threats has also served as a powerful wake-up call. While organizations may struggle to handle thousands of new threats every day, enterprises can now collaborate through a global threat intelligence network to effectively thwart these dangers and even prevent zero-day attacks.

This blog post explores why real-time global collaboration and big-data analysis have become indispensable in handling cloud threats and how ThreatCloud’s continuous stream of global security intelligence is bringing these capabilities to Check Point customers.

Source: Pete Linforth from Pixabay

The Cloud Can Be a Dangerous Place

Migrating to the cloud can be daunting, particularly when it comes to security. According to Check Point’s 2020 Cloud Security Report, over 50% of companies are convinced that cloud environments are more susceptible to security breaches than on-premises.

Attacks often compromise not just one company but many entities at once. In July 2020, security researchers discovered a new botnet mining campaign that exploits misconfigured Docker servers to set up malicious crypto-mining containers on company cloud infrastructure. This botnet had operated under the radar for half a year, compromising the infrastructure of any company that exposed its Docker API online. These incidents are just a few examples of a widespread phenomenon.

Security threats can result in data theft, disrupted business continuity, and reputational damage. Yet the cloud comes with invaluable capabilities that shouldn’t be sacrificed because of these fears. The real question is how to use the cloud without exposing your company to security risks.

Moving Toward Global Collaboration

Although public cloud providers offer built-in security tools, individual companies are ultimately responsible for securing their own data and workloads in the cloud. Meanwhile, traditional security tools aren’t built to handle the cloud’s dynamic and distributed nature. More than 80% of executives in the 2020 Cloud Security Report believe traditional security tools either don’t work at all or have limited functionality in cloud environments.

As a result, each company is essentially left to fend for itself, handling threats with limited knowledge and resources. Identifying new suspicious threat patterns requires a team of dedicated security experts, extensive compute power, and often many disparate cloud security solutions.

Unfortunately, even when an organization handling its own security successfully identifies one threat, other companies remain susceptible. A globally shared threat intelligence system can therefore serve as a powerful security tool. Check Point’s CloudGuard and ThreatCloud are exactly this kind of tool—utilizing data from around the globe to provide security to all users.

CloudGuard Network Security

CloudGuard provides advanced threat prevention and automated cloud network security. Its virtual security gateways deploy Check Point’s unified security management for public clouds and private clouds, as well as on-premises networks. CloudGuard is easy to use, highly performant, and can scale to handle any required throughput efficiently while using minimal resources.

CloudGuard owes part of its cutting-edge threat prevention capabilities to ThreatCloud, a global threat intelligence repository.

The Power of ThreatCloud

ThreatCloud is an advanced threat intelligence system with a database of threat events collected from millions of devices protected by Check Point worldwide, including mobile phones, computers, networks, systems, and IoT devices. It also contains reverse-engineered data on malware (e.g., spy bot signatures produced by Check Point Research) and additional threat information (e.g., compromised address lists taken from the industry’s most reliable malware feeds).

Source: Check Point Research

The result is a comprehensive and up-to-date threat repository that provides dynamic, real-time security intelligence to Check Point enforcement points across the globe. In addition to protection against known threats, ThreatCloud uses its accumulated knowledge to identify new suspicious patterns in response to queries from the devices and security gateways around the world, uncovering zero-day threats. For example, the system uses sophisticated security sandboxing technology to deduce from the behavior of a file whether or not it is suspicious, even if that threat has never been documented before. The processing is performed in the cloud, enabling ThreatCloud to scan millions of threat signatures in real time.

ThreatCloud creates unprecedented collaboration between companies worldwide through its big-data analysis. A threat detected in one security gateway can instantly help protect another Check Point customer on the other side of the world. For instance, a cellular phone in the UK can receive a threat alert on a virus that was analyzed and identified seconds before in New Zealand. This form of collaboration takes threat prevention to an entirely new level. In addition to real-time decision-making support, ThreatCloud provides users with a bird’s-eye view of the latest regional and global threats through its web-based service portal.

The true power of ThreatCloud can be seen in the data.

ThreatCloud in Numbers

With hundreds of millions of sensors across the globe, ThreatCloud is an incredible source of knowledge on the latest security threats. According to current ThreatCloud statistics, organizations experience an average of 12 emails with malicious attachments, 42 malware downloads, 720 malicious websites accessed, and a staggering 7,200 attempted exploitations of vulnerabilities every day. Over a 30-day period, 77% of cloud-based networks suffered from vulnerability exploit attacks, and 58% of cloud-based networks suffered from malware attacks. These threats can be prevented by CloudGuard’s IPS, Anti-Virus, Anti-Bot, Threat Extraction and other security technologies.

Source: Pixabay

In North America, organizations are attacked an average of 256 times per week, with most malicious files delivered through email. The most common vulnerability exploit type is remote code execution, impacting 64% of organizations in North America.

Hackers are constantly evolving new tactics, most recently exploiting the COVID-19 pandemic. Since its outbreak, the ThreatCloud system has identified a rise in coronavirus-related domains as well as targeting of video conference applications, media streaming services, money loans, and job applications. The Check Point research team has discovered 16 malicious apps masquerading as coronavirus-related apps.

ThreatCloud Capabilities

ThreatCloud is the ultimate solution for keeping up with the ever-evolving threat landscape. It makes over three billion decisions every day based on intelligence aggregated from over 150,000 networks and millions of devices protected by Check Point. Each decision is a definite yes or no, generating the most accurate, reliable, and on-point threat intelligence.

Check Point enforcement points consult with ThreatCloud over three billion times a day to determine whether a file, URL, domain, IP, or hash is suspicious. SandBlast, Check Point’s zero-day threat emulation and extraction solution, works together with ThreatCloud and uses 64 different threat-prevention engines, ensuring the best possible decisions.

Every day, ThreatCloud inspects 600 million files and emulates 13 million files, identifying 30 thousand bad ones on average. Of these malicious files, approximately one in four detections from our customer networks and endpoints were not known by other antivirus vendors.

ThreatCloud also prevents 2.7 billion vulnerability exploit attempts, 99 million post-infection communication attempts, and 158 million malicious infection attempts per day. Each threat is also stored in the ThreatCloud repository to share with Check Point gateways worldwide and inform even better and faster results in the future.

Summary

Cybercrime doesn’t rest for a minute. You need to be vigilant and constantly up to date to safeguard your cloud operations. In today’s reality, this proves to be an almost impossible task for those who go it alone.

Check Point’s CloudGuard, powered by ThreatCloud, provides a groundbreaking and essential tool for real-time threat collaboration. Leveraging big data collected in real time from all global security endpoints, CloudGuard ensures protection against known and unknown threats. This accumulated knowledge is then used to identify emerging threat patterns and thwart them before any damage is done.

What’s next?

If you are already using the cloud or in the process of planning your cloud migration, please contact us or schedule a demo, and a cloud security expert will provide their experienced insights.

How secure is your cloud from external threats? For a free, instant cloud security assessment, click here.

For more information on ThreatCloud, click here.

If you have any questions, please contact your local Check Point account representative or partner, or contact us here.

Follow and join the conversations about Check Point and CloudGuard on TwitterFacebookLinkedIn and Instagram.