Research Insights: Unit 42 Cloud Threat Report, 2H 2021

Highlights From the Unit 42 Cloud Threat Report, 2H 2021

Unit 42 released a threat report from analyzed data from a variety of public data sources around the world to draw conclusions about the growing organizations face today in their software supply chains. In the analysis, Unit 42 found:

  • 63% of third-party code templates used in building cloud infrastructure contained insecure configurations.
  • 96% of third-party container applications deployed in cloud infrastructure contain known vulnerabilities.

An expert from Blue Hexagon offers perspective.

Research Insight:

Saumitra Das, CTO and Cofounder, Blue Hexagon:

“Given business pressure on developer teams, it is impractical to assume you can harden yourself to be fully secure via IaC checking and vulnerability management. Organizations are unable to enforce IaC companywide and even known CVEs can take weeks and months to patch just on external facing workloads. Even simpler fixes like misconfigurations take days and weeks to fix even after detection. This report is in line with what we see at organizations trying to be secure in the cloud. The key is not to put all your eggs in the shift-left basket but perform continuous lifecycle threat detection and response in the cloud.”