Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe
  • Twitter
  • Facebook
  • LinkedIn

Cloud Security: Why You Shouldn’t Ignore Ephemeral Assets

Cloud Security: Why You Shouldn’t Ignore Ephemeral Assets

Your scheduled vulnerability scans may not catch short-lived cloud assets, creating opportunities for cybercriminals to exploit security gaps.  

The elastic nature of cloud environments allows cloud assets to be provisioned and decommissioned dynamically, oftentimes by stakeholders outside of security, such as DevOps, web and e-commerce teams. These short-lived assets present challenges for security professionals trying to achieve visibility to all of their organization's cloud assets. Waiting for a scheduled vulnerability scan once a week is not going to help you catch these ephemeral assets, which can spin up and spin down in a matter of hours, causing security gaps. And these gaps can provide cybercriminals with a host of new opportunities. Dynamic, short-lived cloud assets require an equally dynamic approach to vulnerability scanning.  

Why You Should Not Ignore Short-lived Cloud Assets 

Some of you may ask "since they are so short-lived, do these ephemeral assets post a real threat to my company's overall security posture?" Others may argue that "it is not easy to keep an inventory of these short-lived assets, so we are going to stick with other more measurable assets." The truth is that scheduled vulnerability scans provide you with point-in-time snapshots, leaving considerable exposure for the cloud instances that spin up and spin down between scans.

Many cloud assets are clones of one another. When one asset is exploited for its vulnerabilities, it could have a cascade effect on other copies. Once an asset is exposed, even if it was short-lived, nobody can predict its blast radius before it is decommissioned. 

For example, imagine a service that is part of an autoscaling group. When a peak time for your business hits, this service will autoscale to the necessary size to meet capacity. What if a critical vulnerability exists on this newly deployed service? Then it autoscales up to several hundred instances of this service — with each instance containing that same critical vulnerability. 

As you can see, taking either a "maybe-we-will-get-lucky" or an "ostrich-head-in-the sand" approach to short-lived cloud assets can expose your organization to threats and have a negative impact on the reputation and business you've worked so hard to preserve. 

Using Tenable.io to Protect Ephemeral Assets in the Cloud 

Your security team needs continuous visibility into your cloud workloads and instances, which can evolve multiple times a day. Your vulnerability management program should be designed to fortify dynamic cloud environments for effective security, continuous visibility and reliable IT operations. 

Tenable.io provides a comprehensive vulnerability management approach to help you assess your cloud attack surface by detecting vulnerabilities in your entire cloud stack. Tenable.io cloud connectors for Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) enable near real-time discovery of new short-lived compute asset deployments across your multi-cloud environments. 

In addition, Tenable.io Frictionless Assessment helps you continuously assess your cloud assets in AWS environments for vulnerabilities without the need to deploy scanners or install agents. Frictionless Assessment is especially effective against short-lived cloud assets, helping you avoid blind spots and coverage gaps. With Frictionless Assessment, you can automatically scan your cloud environments for new vulnerabilities as soon as they're identified, enabling you to rapidly assess your cloud assets for the latest software flaws..

With a tailored dashboard and reports, you can easily communicate vulnerability priority information with your business groups, including the teams that rely on short-lived cloud assets.

Learn more

  • Find out how Tenable helped Netskope increase its visibility into ephemeral assets in the cloud here.

  • See the three biggest challenges affecting cloud security here.

  • Learn how to improve cyber hygiene with cloud resource tagging here.

  • Find out more about how the shared responsibility model affects your cloud security choices here.


Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.