Tel Aviv, Israel-based Stream Security (formerly Lightlytics) recently announced its entrance into the Cloud Security space with the launch of its upgraded real-time Cloud Twin technology. The company is now all in on CloudSecOps. We sat down with Or Shoshani, CEO and Co-founder, Stream Security, to discuss what makes their Cloud Twin solution stand out in the market and how the company sees cloud security challenges for organizations evolving in 2024.
How will Cloud Twin revolutionize cloud security for organizations? The announcement mentions the correlation of vulnerabilities with their exploitability level. How will this feature help users prioritize their security efforts, and what sets it apart from existing solutions?
The dynamic nature of cloud environments results in a continuous evolution of the attack surface and associated risk levels. Cloud Twin stands out as the sole model capable of real-time exposure detection. Existing tools, such as CSPM/CNAPP, are scanning-based, providing only a static snapshot of the exposure level at a particular moment, usually done once a day. These conventional scanners leave security teams blind for up to 24 hours, and it gives attackers the space to leverage automation to exploit these blind spots. In the rapidly changing landscape of cloud environments, where multiple processes contribute to ongoing changes, security teams need to grasp their exposure levels in real-time.
With the integration of Microsoft Azure support, Stream Security's Cloud Twin is expanding to encompass multi-cloud environments. Can you elaborate on the benefits and capabilities this integration brings to users?
Enterprises leverage multicloud environments to distribute risk across diverse cloud service providers. Despite these environments operating cohesively as a unified entity, security teams manage their exposures within distinct providers as isolated silos. Cloud Twin seamlessly integrates both environments into a singular entity, unveiling the integration dependencies among diverse environments in real time. This integration empowers security teams to treat their various environments as a unified entity, enhancing the efficiency of detection and response efforts and ultimately clarifying exposure levels within these previously obscured blind spots.
Stream Security's Cloud Twin is said to constantly model the cloud environment in real-time. How does this technology aid organizations in detecting and responding to security threats more effectively?
Today, organizations employ two main categories of tools — scanners (CNAPP/CSPM) and SIEM — to detect their exposure. However, each scan provides a snapshot in time, quickly becoming outdated as soon as any changes occur. This introduces a potential 24-hour delay in detection, posing a substantial security risk, considering adversaries require only a brief moment of exposure to exploit vulnerabilities.
To overcome this challenge, security teams currently turn to SIEM/XDR solutions to stay informed about cloud activities. Nevertheless, these tools lack posture awareness, emphasizing "what" happened rather than the consequential "so what." This focus leads to a high volume of false-positive alerts, creating a dilemma for security teams: either investigate every event and neglect daily tasks or prioritize tasks and potentially overlook critical events.
Stream Security bridges this gap through its Cloud Twin, which is posture-aware, traffic-aware, business-aware and, crucially, operates in real-time. This capability enables security teams to focus solely on real alerts, streamlining their response efforts.
How do you see cloud security challenges evolving in 2024 and how should organizations get ahead of them?
One of the top cybersecurity threats we see surfacing in 2024 is a combination of social engineering, using AI to breach user data in the cloud and cloud attacks via identity vectors. Bad actors can steal credentials in a far more advanced fashion. With the help of AI, cybercriminals can use automated technology to generate deepfakes, log keys to steal login information and conduct vulnerability scanning to gain access to proprietary information faster than ever. Organizations should use cloud security tools that operate in real-time and are change-driven to help triage response and investigate in minutes — not days. While it is still helpful, we are far beyond the days of simply using multi-factor authentication to protect our data. Reducing the risk of stolen information requires real-time responses from trusted resources in the cloud.