Key security use cases and capabilities
Web application security
According to the 2023 Verizon Data Breach Investigations Report, basic web application attacks are among the most common attack patterns involved in both data breaches and security incidents, affecting eight of the 10 most-reported industries, including financial services and retail. As mentioned earlier, there is increased pressure to secure applications both within themselves and at the network level. This is where web application security — such as a web application firewall (WAF) — comes in, protecting your cloud apps from intrusions and vulnerability exploits originating outside the environment.
Segmentation
Public cloud workloads leverage the inherent design of cloud architecture and APIs to connect and communicate with one another from virtually anywhere. However, security is paramount, and no connection should be assumed secure. Workloads run in VPCs, and segmenting those VPCs helps limit unauthorized lateral movement, contain malware at its entry point, and prevent the spread of ransomware between VPCs.
Segmenting VPCs in the cloud can be challenging because many organizations repurpose data center firewalls for this use case, which introduces complexity and visibility gaps that can leave security holes. It is therefore recommended to use solutions that integrate well with cloud-native services, so that VPCs are mapped accurately and security controls are placed where they are effective.
Egress security
Since most workloads require third-party services, having visibility and control over outbound connectivity is essential. Egress security blocks unauthorized external communication to protect your workloads from threats such as malware distribution, insecure APIs, and sensitive data exfiltration. Egress security requires TLS decryption for content inspection, URL/FQDN filtering, data loss prevention (DLP), and malware detection.
Network access control (firewall) provides control over connectivity between workloads via policy – essential for adherence to compliance mandates. Cloud-native constructs such as content security policy (CSP) tags are critical to creating policy definitions that are resilient and adaptable to frequent changes.
Web application protection (WAF) detects and blocks malicious traffic, based on rules, to protect applications and APIs against external threats including denial of service (DoS) attacks and malicious IPs. WAF can also restrict access based on user/IP geolocation.
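The WAF behaviour described above (rule-based blocking of malicious requests, IP block lists, geolocation restriction and a simple per-client rate limit for DoS protection) can be illustrated with a small request evaluator. The following is an added example written for this page; it is not Cisco's code and does not represent any product's rule engine. The block list, allowed countries, IP-to-country table and the request records are all constructed sample data, and the detection patterns are deliberately minimal illustrations of signature rules.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Constructed sample policy data (hypothetical, for illustration only).
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range, constructed
ALLOWED_COUNTRIES = {"US", "DE"}
GEO_TABLE = {  # tiny stand-in for a real geolocation database
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("192.0.2.0/24"): "BR",
}

# Minimal signature-style rules matched against path, query string and body.
RULES = [
    ("sqli-basic", re.compile(r"(?i)(\bunion\b.+\bselect\b|'\s*or\s+'?1'?\s*=\s*'?1)")),
    ("path-traversal", re.compile(r"(\.\./|%2e%2e%2f)", re.I)),
    ("xss-script-tag", re.compile(r"(?i)<script\b")),
]

RATE_LIMIT = 5       # max requests per client IP within the window
WINDOW_SECONDS = 10  # sliding window length


class MiniWaf:
    """Evaluates requests in order: block list, geolocation, rate limit, signatures."""

    def __init__(self):
        self._history = defaultdict(deque)  # client IP -> recent request timestamps

    def _country(self, ip):
        for net, country in GEO_TABLE.items():
            if ip in net:
                return country
        return "??"  # unknown location is treated as not allowed

    def _over_rate(self, ip, ts):
        recent = self._history[ip]
        while recent and ts - recent[0] >= WINDOW_SECONDS:
            recent.popleft()  # drop timestamps outside the window
        recent.append(ts)
        return len(recent) > RATE_LIMIT

    def inspect(self, req):
        """Return (action, reason) for a request dict with src_ip, ts, path, query, body."""
        ip = ipaddress.ip_address(req["src_ip"])
        if any(ip in net for net in BLOCKED_NETWORKS):
            return ("block", "ip-blocklist")
        if self._country(ip) not in ALLOWED_COUNTRIES:
            return ("block", "geo-restricted")
        if self._over_rate(ip, req["ts"]):
            return ("block", "rate-limit")
        surface = " ".join([req.get("path", ""), req.get("query", ""), req.get("body", "")])
        for name, pattern in RULES:
            if pattern.search(surface):
                return ("block", name)
        return ("allow", "clean")


def run_sample():
    """Run constructed sample requests through the evaluator and return the decisions."""
    waf = MiniWaf()
    requests = [
        {"src_ip": "198.51.100.10", "ts": 0, "path": "/api/items", "query": "id=5"},
        {"src_ip": "198.51.100.10", "ts": 1, "path": "/api/items",
         "query": "id=1 union select password from users"},
        {"src_ip": "203.0.113.7", "ts": 2, "path": "/", "query": ""},
        {"src_ip": "192.0.2.9", "ts": 2, "path": "/", "query": ""},
        {"src_ip": "198.51.100.10", "ts": 3, "path": "/static/../../etc/passwd", "query": ""},
    ]
    # Six quick requests from one client: the sixth exceeds RATE_LIMIT.
    requests += [{"src_ip": "198.51.100.20", "ts": 2 + i, "path": "/login", "query": ""}
                 for i in range(6)]
    return [waf.inspect(r) for r in requests]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

Ordering matters in a real deployment as well: cheap network-level checks (block lists, geolocation, rate limits) run before the comparatively expensive content inspection, and an unknown geolocation is treated as not allowed rather than silently passed.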
Threat prevention and detection (IDS/IPS) provides real-time protection against network intrusion attacks, exploits, and exposures in application code and operating systems that workloads run on. IDS/IPS is instrumental in virtual patching against exploits of vulnerabilities such as Log4Shell.
Exfiltration monitoring (DLP) provides visibility and control over the movement of sensitive data in your cloud environment. This allows you to set content- and context-based policies that leverage alerts and anomalous behavior data to block unauthorized access, movement, or retrieval of company assets or data.
Malware detection and prevention (AV) includes antivirus solutions that detect and block threats such as viruses, trojans, and ransomware based on signatures and without the need for host-based agents.
Outbound connectivity control (egress filtering) controls the outbound destinations of cloud workloads, using URL and FQDN filtering (custom lists and category-based) to prevent unauthorized connections (for example, command-and-control communication) and data exfiltration from cloud applications.
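The tag-based network access control described under "Network access control (firewall)" and the custom-list plus category-based FQDN filtering described just above fit naturally into one policy evaluator. The following is an added example for this page, not Cisco's code or any product's policy engine: rules select source workloads by tag key/value pairs (so that policy survives IP changes), destinations are either other tagged workloads or FQDN glob patterns, blocked categories are enforced before custom rules, and anything unmatched is denied. The category feed, tag names, rules and flow records are all constructed sample data.

```python
import fnmatch
from dataclasses import dataclass, field

# Constructed category feed standing in for a vendor URL-category database.
CATEGORY_OF = {
    "updates.example-os.com": "software-updates",
    "api.payments-partner.example": "business",
    "pastebin.example": "file-sharing",
    "dyn-c2.example": "malware",
}
BLOCKED_CATEGORIES = {"malware", "file-sharing"}


@dataclass(frozen=True)
class Rule:
    name: str
    src_tags: dict            # every key/value must match the source workload's tags
    dst_tags: dict = None     # workload-to-workload rule: tags the destination must carry
    dst_fqdns: tuple = ()     # egress rule: glob patterns the destination FQDN must match
    ports: tuple = ()         # empty means any port
    action: str = "allow"


@dataclass
class Flow:
    src_tags: dict
    dst_tags: dict = field(default_factory=dict)  # empty for egress flows
    dst_fqdn: str = ""                            # empty for workload-to-workload flows
    port: int = 0


def tags_match(selector, tags):
    """True when every key/value in the selector is present in the tag set."""
    return all(tags.get(k) == v for k, v in selector.items())


def evaluate(flow, rules):
    """Return (action, reason). First matching rule wins; unmatched flows are denied."""
    category = CATEGORY_OF.get(flow.dst_fqdn)
    if category in BLOCKED_CATEGORIES:          # category block precedes custom rules
        return ("deny", f"category:{category}")
    for rule in rules:
        if not tags_match(rule.src_tags, flow.src_tags):
            continue
        if rule.ports and flow.port not in rule.ports:
            continue
        if rule.dst_tags and not tags_match(rule.dst_tags, flow.dst_tags):
            continue
        if rule.dst_fqdns and not any(fnmatch.fnmatch(flow.dst_fqdn, p) for p in rule.dst_fqdns):
            continue
        return (rule.action, rule.name)
    return ("deny", "default-deny")


# Constructed rule set: a three-tier app with two sanctioned egress destinations.
RULES = [
    Rule("web-to-app", {"tier": "web"}, dst_tags={"tier": "app"}, ports=(8443,)),
    Rule("app-to-db", {"tier": "app"}, dst_tags={"tier": "db"}, ports=(5432,)),
    Rule("os-updates", {"env": "prod"}, dst_fqdns=("*.example-os.com",), ports=(443,)),
    Rule("payments-api", {"tier": "app", "env": "prod"},
         dst_fqdns=("api.payments-partner.example",), ports=(443,)),
]

WEB = {"tier": "web", "env": "prod"}
APP = {"tier": "app", "env": "prod"}
DB = {"tier": "db", "env": "prod"}


def run_sample():
    """Evaluate constructed flows and return the list of decisions."""
    flows = [
        Flow(WEB, dst_tags=APP, port=8443),                       # sanctioned tier hop
        Flow(WEB, dst_tags=DB, port=5432),                        # web skipping the app tier
        Flow(APP, dst_fqdn="updates.example-os.com", port=443),   # allowed egress
        Flow(APP, dst_fqdn="pastebin.example", port=443),         # blocked category
        Flow(APP, dst_fqdn="dyn-c2.example", port=443),           # blocked category
        Flow(WEB, dst_fqdn="api.payments-partner.example", port=443),  # wrong tier for this API
    ]
    return [evaluate(f, RULES) for f in flows]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

Because rules key on tags rather than addresses, re-deploying the app tier with new IPs changes nothing in the policy, which is the resilience the capability description refers to; the default-deny at the end is what turns the rule list into segmentation rather than a mere allow list.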
Network traffic decryption (TLS decryption) is a foundational capability that enables security controls outside the app workload to gain complete visibility and protect against threats hidden in encrypted traffic. Cloud decryption requires high throughput and low overhead that virtual appliance offerings cannot provide.
Figure 2. Cisco’s comprehensive approach to multicloud network security