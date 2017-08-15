(Thomson Reuters ONE) -
On-Premises Workloads Experience 51 Percent Higher Rate of Security Incidents
than Applications Running on Public Cloud Platforms
Houston, Aug. 15, 2017 (GLOBE NEWSWIRE) -- Alert Logic, the leading provider
of Security-as-a-Service solutions for the cloud, today announced the
availability of its 2017 Cloud Security Report. The report analyzes customer
data from more than 3,800 Alert Logic cloud, on-premises and hybrid cloud
customers over an 18 month period, from August 1, 2015 to January 31, 2017.
Report findings are based on an analysis of more than 2 million security
incidents captured in Alert Logic intrusion detection systems and escalated by
Alert Logic Security Operations Center (SOC) analysts to its customers over 555
days, 32.5 million events associated with those incidents and 147 petabytes of
security data.
"We focused our analysis on incident types and the workloads and environments
most at risk," said Misha Govshteyn, Senior Vice President of Technical and
Product Marketing. "Cyber attackers continue to seek the weakest spots in
network defenses and businesses need to understand how they are refocusing to
take advantage of the changing attack landscape."
The Alert Logic customers in the report data set represent a broad range of
industries (452 unique SIC codes) and organization sizes, from small-to-medium-
sized businesses to large-scale enterprises. 82 percent of customer deployments
analyzed hosted workloads in the cloud - either on an Infrastructure-as-a-
Service platform or hosted private cloud - and approximately one-third
maintained on-premises or cloud hybrid infrastructure.
While the report focuses predominately on OWASP Top 10 attack methods, three
other significant categories of attack methods targeting Alert Logic customers
are examined. These include brute-force attacks, server-side ransomware and
undesirable outside reconnaissance.
Some of the top findings in the report include the following:
* Web applications are the soft underbelly of organizations. Web application
attacks accounted for 73 percent of all the incidents flagged in the 18-
month evaluation period. Web application attacks affected 85 percent of all
Alert Logic customers, with injection-style attacks such as SQL injection
leading the pack.
* Pure public cloud installations experienced the fewest security
incidents. On average, customers running applications on public cloud
platforms experienced 405 security incidents over the 18-month period while
on-premises customers experienced a 51% higher rate of security incident
escalations (612), hosted private cloud 69% higher (684) and hybrid cloud
141% higher (977).
* Server-side ransomware represented only 2 percent of total incidents. While
ransomware gets much mindshare in the cyber security industry and in media
headlines, it accounted for only a small number of observed security
incidents in the data set.
* Bad actors like content management systems and e-Commerce platforms.
Vulnerabilities in ubiquitous third-party web application components,
insecure coding practices and increases in exploit automation make content
management systems and e-Commerce platforms rich hunting grounds for hackers
targeting web applications. Attacks targeting Joomla accounted for 25
percent of total web application attacks observed followed by WordPress with
10 percent and Magento with 7 percent.
The report also examines five industry verticals - Finance Services and
Insurance; Health Services; Information Technology and Services; Production,
Manufacturing, and Logistics, and Retail and Accommodation - to pinpoint
prevalent attack vectors and patterns within those sectors.
To download a full copy of the 2017 Cloud Security Report, visit here.
Additional Resources Available:
Blog
(at)alertlogic on Twitter
LinkedIn
About Alert Logic
Alert Logic, the leader in security and compliance solutions for the cloud,
provides Security-as-a-Service for on-premises, cloud, and hybrid
infrastructures, delivering deep security insight and continuous protection for
customers at a lower cost than traditional security solutions. Fully managed by
a team of experts, the Alert Logic Security-as-a-Service solution provides
network, system and web application protection immediately, wherever your IT
infrastructure resides. Alert Logic partners with the leading cloud platforms
and hosting providers to protect over 4,000 organizations worldwide. Built for
cloud scale, the Alert Logic patented platform stores petabytes of data,
analyses over 400 million events and identifies over 50,000 security incidents
each month, which are managed by its 24x7 Security Operations Centers. Alert
Logic, founded in 2002, is headquartered in Houston, Texas, with offices in
Austin, Seattle, Dallas, Cardiff, Belfast and London. For more information,
please visit www.alertlogic.com.
