UPDATED 14:42 EDT / SEPTEMBER 07 2022

How to build a cyber resilient security stance: AWS security VP weighs in

Cybersecurity has always been a game of cat and mouse. But today it operates at a constantly accelerating speed and scale. The digital era has brought more data to steal and spread it across complex hybrid and multicloud environments, while the adversaries are as likely to be sophisticated criminal gangs or well-funded nation-state actors as lone-wolf hackers.

The market reflects this instability. McKinsey & Co. predicts cyber insurance costs will increase at a rate of 21% through 2025, with total spending on service providers rising to $101.5 billion in the same period. But throwing money at the problem won’t make it go away. Companies need to spend strategically in order to build their cyber resiliency.

“Everyone has constrained security resources, and you have to focus those resources in the areas and the ways that reduce the greatest amount of risk,” stated Jon Ramsey (pictured), vice president of AWS Security – Enterprise Security Services at Amazon Web Services Inc.

Ramsey spoke with theCUBE industry analyst John Furrier at the “Cybersecurity — Detect and Protect Against Threats” event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed what it takes for a company to become cyber resilient. (* Disclosure below.)

NIST provides security basics

The cybersecurity framework created by the National Institute of Standards and Technology distills data protection into a simple, step-by-step process. Identify the resources that need protecting, monitor them to detect threats, and respond and recover in the event of an attack.

The first step is also known as establishing a risk profile. This means identifying the most valuable assets and then, within that set, the assets that have a known vulnerability and are likely to be targeted.

“You want to mitigate the threat or mitigate the vulnerability to protect the asset,” Ramsey stated. “Then you respond and then you remediate, and you have to continuously do that cycle to be in a position to have cyber resiliency.”

By design, cloud architecture is more resilient than on-premises infrastructure. So, companies that build cloud-native applications have the advantage of being able to respond to an attack in a surgical manner, according to Ramsey.

“Which is very important because then you don’t introduce risk when you’re responding,” he stated.

The benefits of the shared responsibility model

AWS customers benefit from the shared responsibility model the company has created to help ensure that the entire lifecycle is protected. Ramsey’s responsibility as the lead of Enterprise Security Services is to provide the services that help customers secure their side of the model. A range of services targets different points in the security framework: Amazon GuardDuty provides threat detection with real-time alerting; Amazon Detective investigates those alerts and determines whether there is an incident; Amazon Inspector looks for third-party vulnerabilities; AWS Security Hub seeks out configuration vulnerabilities; and sensitive data discovery is undertaken by Amazon Macie.

But the shared responsibility model doesn’t split the burden evenly. The further up the stack you go, the more responsibility AWS takes, according to Ramsey.

“For example, GuardDuty takes an EKS audit feed for containers to be able to monitor what’s happening from a container perspective. And then in serverless, really the majority of what needs to be defended is part of our responsibility model,” he said.

This is an important shift because AWS has a “very large team who knows the infrastructure, who knows the threat, and who knows how to protect customers all the way up to the boundary,” Ramsey said. This is a big win for the customer in terms of time and resources, as their developer team no longer has to stress over security and can instead focus on meeting the business’s goals.

AWS works to secure trust boundaries

One of the trends emerging beyond the normal threat landscape is application programming interface protection. As the linchpin that enables interconnectivity, APIs are at high risk of attack.

“The API is a trust boundary,” Ramsey stated. “You should assume that the one side of the trust boundary is malicious and you have to validate it. By default, make sure that you know that what you’re getting is actually trustworthy and valid.”
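Treating the far side of the boundary as untrusted means every field of every request is checked against an allow-list before any business code sees it. The following example is added here to illustrate that idea; it is not code from AWS or from the interview, and the request shape (a “transfer” with an account ID, an amount in cents and a memo), the field names and the limits are all constructed assumptions for the demonstration.

```python
import json
import re
from typing import Any, Dict, Optional

# Constructed example: the shape of one "transfer" request body that a
# hypothetical API accepts. Field names and limits are assumptions for this demo.
ACCOUNT_ID_RE = re.compile(r"[A-Z0-9]{8,16}")
MAX_MEMO_LEN = 140
MAX_AMOUNT_CENTS = 100_000_00   # constructed business limit: 100,000.00
MAX_BODY_BYTES = 4096
EXPECTED_FIELDS = {"account_id", "amount_cents", "memo"}


class ValidationError(ValueError):
    """Raised when a request fails validation at the trust boundary."""


def validate_transfer(raw_body: bytes) -> Dict[str, Any]:
    """Parse and validate an untrusted request body.

    Everything arriving across the boundary is treated as hostile until each
    field has been checked against an allow-list of what is acceptable.
    Nothing is coerced or silently dropped: anything unexpected is rejected.
    """
    # Bound the input before parsing it: oversized bodies never reach json.loads.
    if len(raw_body) > MAX_BODY_BYTES:
        raise ValidationError("body too large")
    try:
        data = json.loads(raw_body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        raise ValidationError("body is not valid JSON") from None
    if not isinstance(data, dict):
        raise ValidationError("body must be a JSON object")

    # Allow-list the keys: unknown fields are rejected rather than ignored,
    # so extra parameters cannot be smuggled through to later code.
    unknown = set(data) - EXPECTED_FIELDS
    if unknown:
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")
    missing = EXPECTED_FIELDS - set(data)
    if missing:
        raise ValidationError(f"missing fields: {sorted(missing)}")

    # Each field: exact type first, then a tight format or range check.
    account_id = data["account_id"]
    if not isinstance(account_id, str) or not ACCOUNT_ID_RE.fullmatch(account_id):
        raise ValidationError("account_id has an invalid format")

    amount = data["amount_cents"]
    # bool is a subclass of int in Python, so JSON true/false must be excluded explicitly.
    if isinstance(amount, bool) or not isinstance(amount, int):
        raise ValidationError("amount_cents must be an integer")
    if not 1 <= amount <= MAX_AMOUNT_CENTS:
        raise ValidationError("amount_cents out of range")

    memo = data["memo"]
    if not isinstance(memo, str) or len(memo) > MAX_MEMO_LEN or not memo.isprintable():
        raise ValidationError("memo must be printable text of at most 140 characters")

    # Return a fresh dict containing only the validated fields.
    return {"account_id": account_id, "amount_cents": amount, "memo": memo}


def rejection_reason(raw_body: bytes) -> Optional[str]:
    """Return None if the body is accepted, otherwise the reason it was rejected."""
    try:
        validate_transfer(raw_body)
    except ValidationError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample bodies: one well-formed, the rest malformed in different ways.
    samples = [
        b'{"account_id": "ACCT00012345", "amount_cents": 2500, "memo": "rent"}',
        b'{"account_id": "ACCT00012345", "amount_cents": 2500, "memo": "rent", "role": "admin"}',
        b'{"account_id": "ACCT00012345", "amount_cents": -5, "memo": "refund"}',
        b'{"account_id": "ACCT00012345", "amount_cents": true, "memo": "x"}',
        b'{"account_id": "acct-1", "amount_cents": 1, "memo": "x"}',
        b'not json at all',
    ]
    for body in samples:
        print(rejection_reason(body) or "accepted", "<-", body.decode(errors="replace"))
```

The design choice worth noting is that the validator never repairs input: an unexpected field, a float where an integer is required, or a JSON boolean in a numeric slot all cause a rejection rather than a best-effort conversion, and the size bound is applied before the parser runs so that a malformed body is cheap to refuse.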

Data access points are another trust boundary where validation is required. The challenge here is that “customers don’t really know where all their data is or even where their sensitive data is,” Ramsey stated. This makes maintaining data security a tough task. Amazon Macie was designed to scan Amazon Simple Storage Service for the most at-risk data. AWS Identity and Access Management (IAM) Access Analyzer gives users the ability to continuously review the permissions they have granted, with the goal of getting as close to least privilege as possible.
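A first step toward least privilege is to find the grants that are broader than any one task could need. The following example is added here to show that check on a policy document; it is a stand-alone linter written for this article, not IAM Access Analyzer or any other AWS code (Access Analyzer reasons about who can reach a resource, which this simple pattern check does not attempt). The sample policy, its statement IDs and the bucket ARN are constructed placeholders.

```python
from typing import Any, Dict, List

# Constructed sample policy. The bucket name and ARN are placeholders, not real resources.
SAMPLE_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadReports",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-reports-bucket/*",
        },
        {
            "Sid": "TooBroad",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*",
        },
        {
            "Sid": "NoDeletes",
            "Effect": "Deny",
            "Action": "s3:DeleteObject",
            "Resource": "*",
        },
    ],
}


def _as_list(value: Any) -> List[Any]:
    """IAM allows single values to appear bare or inside a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overbroad_grants(policy: Dict[str, Any]) -> List[str]:
    """Flag Allow statements that grant far more than a specific task needs.

    Only Allow statements matter here: a Deny on '*' narrows access and is fine.
    Each finding names the statement so a reviewer can go straight to it.
    """
    findings: List[str] = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"Statement[{idx}]")

        # Allow combined with NotAction grants every action except the listed ones.
        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow with NotAction grants every unlisted action")

        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(f"{sid}: Action '*' allows every action in every service")
            elif action.endswith(":*"):
                service = action.split(":", 1)[0]
                findings.append(f"{sid}: Action '{action}' allows every {service} action")

        if "*" in _as_list(stmt.get("Resource")):
            findings.append(f"{sid}: Resource '*' applies the grant to every resource")

        # Resource-based policies carry a Principal; '*' means any caller, including anonymous ones.
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))):
            findings.append(f"{sid}: Principal '*' makes the resource public")
    return findings


if __name__ == "__main__":
    for finding in find_overbroad_grants(SAMPLE_POLICY):
        print(finding)
```

Run against the sample, only the TooBroad statement is reported (once for its wildcard action, once for its wildcard resource); the scoped read grant and the Deny statement pass. In practice the same function can be applied to policy documents exported from an account to produce a worklist for tightening.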

Technology is an essential part of building a cyber resilient company, but “we have to remember at the end of the day, on one end of the wire is a black hat, on the other end of the wire is a white hat,” Ramsey stated. “People are a critical component of being able to defend.”

Threat hunting can combat the alert fatigue suffered by security analysts. Instead of waiting for an alert, threat hunters proactively seek out signs of compromise and vulnerabilities within the most sensitive areas of a company’s systems.

AWS is in the process of stitching all its security services together and using inference and machine learning to help prioritize the areas of greatest risk for its customers, according to Ramsey. The aim is to reduce the time that security analysts spend following unproductive trails.

“Someone doing an investigation or someone doing incident response is the most important time, [the] most valuable time,” he said.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the “Cybersecurity — Detect and Protect Against Threats” event:

(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for the “Cybersecurity Detect and Protect Against Threats” event. Amazon Web Services Inc. and other sponsors of theCUBE’s event coverage have no editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
