Web application attacks are posing a significant threat to both service provider and on-premise environments, according to a new report on cloud security by Alert Logic.
In its latest ‘State of Cloud Security Report‘, Alert Logic that Web application and brute force attacks were the most common security incidents affecting both on-premise and service provider environments. According to the report, which was conducted during a six-month period, 48 percent of the customers whose data was analyzed for the study were impacted by verifiable Web application attacks. Web application attacks affected roughly half (52 percent) of the cloud hosting provider environments, while 39 percent of enterprise environments experienced such attacks.
The frequency of attacks hitting enterprise data centers was higher than cloud hosting provider environments, the study found, with the frequency of reconnaissance attacks being nearly 10 times higher in enterprise environments than in the cloud. In the case of malware and botnet attacks, data center environments were targeted nearly three times more frequently than cloud environments.
Different IT environments face different threats. Attacks in enterprise data centers tend to be more sophisticated and targeted, versus cloud hosting provider environments, which experience more opportunistic threat activity. Nearly half (49 percent) of enterprise environments in the study experienced verified malware/botnet activity, compared to just five percent of cloud hosting provider environments.
Cloud hosting provider environments typically face a smaller variation in terms of the types of threats. According to the report, customers using enterprise data center environments experienced an average of 2.5 types of incidents, while those using cloud hosting provider environments experienced an average of 1.8 incident types.
“The data confirms what we suspected. Web application attacks continue to be a serious threat across all environments,” said Stephen Coty, director of security research with Alert Logic, in a statement. “These types of threats are easily launched through automated tools and should be a top concern for any organization that is serious about security.”