Address security weaknesses in the software development pipeline

Frans de Waal, Prisma Cloud Sales Specialist, Palo Alto Networks.

A recent Cloud Threat Report by Unit 42, the cloud threat research team at Palo Alto Networks, reported on research emulating large-scale supply chain attacks such as those involving SolarWinds and Kaseya, and found that attacks on the cloud software supply chain continue to grow as an emerging threat.

Speaking ahead of a webinar on securing cloud native infrastructure, Frans de Waal, Prisma Cloud Sales Specialist, Palo Alto Networks, says, “Research indicates that many organizations may still have a false sense of supply chain security in the cloud. Attackers don’t necessarily modify source code repositories to facilitate supply chain breaches. They don’t have to. They find weaknesses in the software development pipeline and attack them. Researchers in Unit 42 found that 63% of third-party code models used in building a cloud infrastructure contained unsecured configurations and that 96% of third-party container applications deployed in the cloud infrastructure contained known vulnerabilities.”

A Unit 42 red team exercise against the continuous integration and continuous delivery (CI/CD) pipeline of a SaaS customer ended with administrator access to the organization’s cloud environment, obtained from 26 hard-coded Identity and Access Management (IAM) key pairs stored in an internal GitLab repository. SaaS providers use CI/CD pipelines to deploy their services and applications rapidly, and some attackers target SaaS providers specifically in order to compromise that provider’s CI/CD pipeline and insert malicious code into part of the application’s containerized ecosystem.

Every repository in the GitLab environment was accessible to any developer account in the organization. Some of the stored key pairs carried more cloud permissions than the account used to find them, which allowed the researchers to escalate their privileges in the organization’s cloud environment and, from there, to compromise the CI/CD pipeline itself; in a real attack that could affect hundreds, or even thousands, of downstream customers.
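The weakness described above is credentials committed to a repository that any developer can read. As an added example, not code from the article, from Unit 42 or from Prisma Cloud, the script below is the kind of check a team can run over its own checkout before an attacker does: it scans files for AWS IAM access key IDs and adjacent secret keys, pairs them into usable credentials, and marks the long-term (non-expiring) ones. The sample repository contents are constructed for illustration, the key values are the placeholder examples from AWS documentation, and the file layout and the 5-line pairing window are assumptions.

```python
"""Scan a checked-out repository for hard-coded AWS IAM key pairs.

Added example (not code from the article or from Palo Alto Networks).
The repository contents in SAMPLE_REPO are constructed; the key values are
the placeholder examples used in AWS documentation, not real credentials.
"""
import re
from dataclasses import dataclass
from pathlib import Path

# Long-term IAM user keys start with AKIA; short-lived STS keys start with ASIA.
# Either one in a repo is a finding, but AKIA keys never expire, so they are the
# ones an attacker who can read the repo can keep reusing.
ACCESS_KEY_ID_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")

# A 40-character secret only counts when it sits next to a secret-key-looking
# name; that keeps ordinary base64 blobs and hex digests out of the results.
SECRET_KEY_RE = re.compile(
    r"(?i)(?:aws_?secret_?access_?key|secret_?key|secret)\s*[=:]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

PAIR_WINDOW = 5  # assumption: id and secret within 5 lines form one key pair


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    kind: str        # "access_key_id" or "secret_access_key"
    masked: str      # never log or print the full value
    long_term: bool  # True for AKIA (non-expiring) access key ids


def mask(value: str) -> str:
    """Keep only the first and last four characters of a credential."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(path: str, text: str) -> list[Finding]:
    """Return every key-like string in `text`, in line order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID_RE.finditer(line):
            key = m.group(1)
            findings.append(Finding(path, line_no, "access_key_id",
                                    mask(key), key.startswith("AKIA")))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append(Finding(path, line_no, "secret_access_key",
                                    mask(m.group(1)), False))
    return findings


def scan_repo(files: dict[str, str]) -> list[Finding]:
    """`files` maps repo-relative path -> contents, pre-read so this runs offline."""
    findings = []
    for path, text in sorted(files.items()):
        findings.extend(scan_text(path, text))
    return findings


def scan_checkout(root: str) -> list[Finding]:
    """Same scan over a real working tree; skips .git and non-UTF-8 files."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and ".git" not in p.parts:
            try:
                files[str(p.relative_to(root))] = p.read_text(encoding="utf-8")
            except UnicodeDecodeError:
                continue
    return scan_repo(files)


def key_pairs(findings: list[Finding]) -> list[tuple[Finding, Finding]]:
    """Pair each access key id with an unused secret in the same file within PAIR_WINDOW lines."""
    pairs, used = [], set()
    secrets = [f for f in findings if f.kind == "secret_access_key"]
    for fid in (f for f in findings if f.kind == "access_key_id"):
        for sec in secrets:
            if (sec not in used and sec.path == fid.path
                    and abs(sec.line_no - fid.line_no) <= PAIR_WINDOW):
                pairs.append((fid, sec))
                used.add(sec)
                break
    return pairs


# Constructed sample: a CI config and a helper script with committed
# credentials, plus a clean file that contains a 40-character digest.
SAMPLE_REPO = {
    ".gitlab-ci.yml": (
        "deploy:\n"
        "  variables:\n"
        "    AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE\n"
        "    AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "  script:\n"
        "    - aws s3 sync ./build s3://release-bucket\n"
    ),
    "scripts/rotate.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIAI44QH8DHBEXAMPLE\n"
        "export AWS_SECRET_ACCESS_KEY=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY\n"
    ),
    "README.md": (
        "Secrets are injected as masked CI variables; never commit them.\n"
        "Release image sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709\n"
    ),
}

if __name__ == "__main__":
    found = scan_repo(SAMPLE_REPO)
    for f in found:
        print(f"{f.path}:{f.line_no} {f.kind} {f.masked}"
              + (" (long-term)" if f.long_term else ""))
    print(f"{len(key_pairs(found))} usable key pair(s) committed")
```

Run it as is to scan the built-in sample, or call `scan_checkout(".")` on a working tree. A check like this belongs in a pre-commit hook or a CI job that fails the pipeline on any finding, and a real key it turns up has to be rotated in IAM, not merely deleted from the repository history.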

De Waal says, “Organizations need to take a software and cloud-centric approach to security; automate security to keep pace with changing applications and software infrastructure. Prisma Cloud is the industry’s most comprehensive cloud-native security platform (CNSP), with the industry’s broadest security and compliance coverage – for users, applications, data and the entire cloud-native technology stack – throughout the development lifecycle and in hybrid and multi-cloud environments.”

Palo Alto Networks, in partnership with ITWeb, will host a Security Automation Stack webinar on November 30. The webinar will present frameworks for representing all aspects of infrastructure and security as code, coupled with automation applied throughout the build, deployment and execution phases. The event will also demonstrate the benefits of Prisma Cloud for organizations that operate in the cloud. For more information and to register for this event, click here.