How Todyl addresses the "Pandemic 11"

Zach DeMeyer
April 10, 2024

Today’s organizations are faced with a host of different attack vectors and surfaces they need to protect to keep adversaries from breaching their business. Studying the top breaches from the past several years, the Cloud Security Alliance (CSA) determined their “Pandemic 11,” the top eleven cloud security threats that organizations face. Thankfully, you can use Todyl to address each of the Pandemic 11 to keep yourself and your organization protected from common threats. Here’s how:

What are the Pandemic 11?

Surveying cybersecurity experts following massive breaches such as the ones that hit Okta, Dropbox, Uber, and others, the CSA determined the following are the largest threats that organizations face from the cloud:

  1. Insufficient identity, credentials, access, and key management
  1. Insecure interfaces and application programming interfaces (APIs)
  1. Misconfiguration and inadequate change control
  1. Lack of cloud security architecture and strategy
  1. Insecure software development
  1. Unsecured third-party resources
  1. System vulnerabilities
  1. Accidental cloud data disclosure
  1. Misconfiguration and exploitation of serverless and container workloads
  1. Organized crime, hackers, and advanced persistent threats (APTs)
  1. Cloud storage data exfiltration

Anyone tuned into recent cybersecurity news knows that, even after COVID-19 subsided, these are all still relevant and continually exploited threats. Unfortunately, organizations of all sizes are susceptible to these vulnerabilities.

Despite this, organizations need to prepare themselves to adequately prevent, detect, and respond to all forms of threats, even if they have affected the largest of businesses. In a traditional cybersecurity approach, you would need 11 or more tools to address each aspect of the Pandemic 11. Thankfully, with a consolidated security platform such as Todyl, you can defend against the Pandemic 11 from a single pane of glass.  

How to leverage Todyl against the Pandemic 11

Using Todyl, you can comprehensively address each of the threats laid out by CSA head-on.

1. Insufficient identity, credentials, access, and key management

Identity and access management (IAM) is a critical aspect of any strong security posture. But, with so many passwords at play for a single user, credentials can fall through the cracks into the hands of bad actors.  

Todyl SIEM integrates with most of today’s top IAM solutions, ingesting and alerting on event data such as failed logins and other indicators of compromise like impossible travel. Through Todyl, you can also control access to key network resources through SASE, adhering to a zero trust network access approach.  

2. Insecure interfaces and application programming interfaces (APIs)

As a part of Todyl’s SASE offering, you can establish conditional access to key resources like interfaces and other product environments through our software-defined perimeter. Static IPs allow you to further refine control by geolocation, so users must be operating on a trusted device within a trusted location or region to gain access.  

Through SIEM, you can also integrate logs from your environments like Azure to get insights whenever unauthorized access to their interfaces triggers a detection. Combined with SOAR, you can instantly disable or even deactivate the affected user’s Microsoft 365 account to prevent further compromise.

3. Misconfiguration and inadequate change control

SIEM plays a major role in understanding changes within applications and infrastructure. You can integrate your change management instance (Chef, Puppet, Ansible) into Todyl SIEM over TCP to pull syslog data. From there, you can identify events that indicate when changes have been made and if the associated user is an authorized one or not.  

4. Lack of cloud security architecture and strategy

As a comprehensive cloud security platform, Todyl can help you secure much of your IT environment from a single pane of glass. Doing so allows you to base your security posture around prominent frameworks and strategies like zero trust security or defense in depth. And, with our Governance and Risk Compliance (GRC) module, you can even compare your existing security documentation and controls to many recognized frameworks like NIST CSF to identify potential gaps and overlooked attack vectors.

5. Insecure software development

Like with #3 above, you can use Todyl to control access to and pull logs from development environments. Per a recent executive order from the White House, U.S.-based companies need to adopt memory-safe programming languages to prevent exploitation. Here at Todyl, memory-safe languages are used for most of the code that we write, with Go being the most used language across the engineering teams. It is used to write everything from our backend APIs to the control plane for packet processing, however we do, and will continue to leverage codebases written in C/C++ for high performance applications, such as packet processing across our SASE Secure Global Network, and applications that require deep integration with operating systems. The performance and capabilities of these limited codebases allow us to deliver a more performant, more reliable platform despite the additional cost and time associated with development. You can learn more here.

6. Unsecured third-party resources

Through SASE, you can establish conditional access policies for any device connected to it via the Todyl agent, including contractors and other third-party resources. With a zero trust network access approach, you can establish access to resources by the principle of least privilege. Using Todyl LAN Zero Trust, you can even further refine access by micro-segmenting the network. Doing so allows you to delineate a segment for contractors and other third parties to access necessary resources without having the ability to see or affect anything else going on in the rest of the network.

7. System vulnerabilities

When you opt to leverage Todyl Endpoint Security, it ingests system data that's analyzed by our machine learning (ML)-driven analytics logic and tuned, turnkey detection rules. As a result, Endpoint Security monitors for potential vulnerabilities on the system and alerts for indicators of malicious activity before an exploitation escalates to a full attack.

8. Accidental cloud data disclosure

Besides security awareness training, which is key in preventing accidental data disclosure, use Todyl to implement tight, fine-tuned conditional access policies. By ensuring that users are who they claim to be, you can prevent the misuse or improper handling of data by either bad actors or internal employees who are incapable of or otherwise unauthorized to do so. Through SIEM, you also can fully understand what happened leading up to the disclosure, allowing you to see how to better cover your bases in the future and prevent repeated outcomes.

9. Misconfiguration and exploitation of serverless and container workloads

As a fully cloud-based security platform, Todyl is ideal for controlling access to containerized environments, especially based on user, device, geolocation, or other conditions. This conditional access approach reflects a zero trust approach to network access, ensuring users are who they claim to be. Not only is this critical in preventing unauthorized access by adversaries with compromised credentials, but it also applies to your end users as well. That way, only your trusted engineers and developers can make changes within sensitive environments.

10. Organized crime, hackers, and advanced persistent threats (APTs)

Todyl’s Detection Engineering team is constantly updating our Endpoint Security and SIEM solutions to keep you ahead of new and emerging threats. We map alerts to known threat actors based on ongoing threat hunting and third-party research including MITRE ATT&CK to ensure Todyl users are protected even against novel adversaries.

11. Cloud storage data exfiltration

As established, you can use Todyl to put multiple preventive measures in place to keep cloud data sources from being compromised. But, in the case of a security event where data is affected, Todyl’s SIEM gives you the forensic information needed to understand the root cause of data disclosure. Armed with that data, you can take the necessary steps to remediate the issue, identify involved parties, and create additional layers of defenses to prevent similar events from occurring in the future.

Get started with Todyl

If you want to start addressing these prominent risks to your business, then reach out to us today to see Todyl in action. Click here to schedule a demo.

Stay up to date

Subscribe to receive the latest insights, news, and updates from Todyl.

Additional reading

Todyl Success Story: IT Haven improves client satisfaction and security through consolidation
Calculating Cyber Risk Appetite
Breaking down the cyberattack lifecycle: Monetization

Todyl updates

Sign-up to get the latest from Todyl sent straight to your inbox.