Analysis of open-source tools for protecting resources in cloud environments
Date
2025
Publisher
Ukrainian State University of Science and Technologies, Educational and Scientific Institute "Institute of Industrial and Business Technologies", IVK "System Technologies", Dnipro
Abstract
UKR: Cloud environments are becoming an integral part of the infrastructure of many companies thanks to their flexibility, availability and efficiency. However, because of their dynamic nature they create new threats to data security and therefore require separate tools to counter them. The article compares existing open source tools for protecting cloud environments: Checkov, Falco, Keycloak. Their drawbacks and advantages are considered, and on the basis of this analysis it is concluded that there is a need to create more advanced tools for protecting cloud environments.
ENG: Cloud environments are becoming an integral part of the infrastructure of many companies due to their flexibility, accessibility and efficiency. However, due to their dynamic nature, they create new threats to data security and therefore require separate tools to combat them. The article compares open source tools for protecting cloud environments: Checkov, Falco, Keycloak. According to the article, the main benefits of open source software are price, stability and community support. For each tool, flaws are identified that make it vulnerable to malicious actors. Checkov implements the CSPM process, which does not monitor the runtime environment, so it cannot identify suspicious behavior such as an unexplained spike in network activity. Falco is hard to integrate into existing systems because it requires agents to be added to each component. It also has no information about the control plane, so it does not have a view of the entire cloud, which allows attacks to target the underlying infrastructure instead of workloads. Keycloak has scalability issues and can be difficult to configure and customize for integration with some systems. Some systems may require custom solutions to make integration possible, and these solutions can introduce new vulnerabilities into the system. Clients' credentials may also be compromised, which can allow bad actors to access the system. These flaws mean the tools are not universal, which creates the need to deploy and support several tools at once to protect the cloud; this increases the complexity of the systems as a whole and their costs. The complexity of the system can also create new, non-obvious attack vectors. This demonstrates the need to create more advanced and universal tools that can simplify the process of protecting cloud environments.
Description
А. Гуда: ORCID 0000-0003-1139-1580
Keywords
cloud environments, cybersecurity, software, open source software, distributed systems, Checkov, Falco, CSPM, CWPP, КІТС
Citation
Бобренок В. В., Гуда А. І. Аналіз open-source засобів для захисту ресурсів у хмарних середовищах. Системні технології. Дніпро, 2025. Т. 1, № 156. С. 32–38. DOI: https://doi.org/10.34185/1562-9945-1-156-2025-04.