Modern organizations leverage cloud-based Software as a Service (SaaS) platforms like Atlassian's powerful suite of tools to streamline workflows and empower teams.
Jira, a versatile work management solution, tackles various project needs – from software development and agile methodologies to bug tracking and issue resolution. Jira Service Management (JSM), built on Jira's foundation, caters specifically to service teams, enabling exceptional customer support through features like incident management, service desk ticketing, and self-service portals. Finally, Confluence fosters seamless collaboration by providing a central space for knowledge sharing, process documentation, and brainstorming. Use cases include building knowledge bases, planning and documenting projects, and facilitating effective communication.
As enterprise software giants such as Atlassian move their platforms to the cloud, it's only natural for the threats to follow. In a recent interview on the Biggest Cyber Security Threats in 2024, Antonio Forzieri of global security leader Splunk Advisory spoke about the increase in cyber-attacks on cloud-based applications: "We have seen attackers exploiting it, we will continue to see attackers exploiting it." Antonio continued, "It's not just attackers attacking cloud, it's attackers using cloud (in their attacks)."
Atlassian is all too aware of the increasing threats to cloud posed by a multitude of sources and has responded by bolstering its own cloud security measures with the introduction of Atlassian Guard. This brings some practical steps forward for customers, but as with anything cyber-security related, there are limitations to what Guard is protecting against.
One of those limitations is malware.
"Atlassian Guard, it's a new comprehensive security product", Scott Farquhar speaking at Atlassian Team'24
Even though Atlassian prioritizes security, malware can still infiltrate your instance. Ideally, malware would be blocked at the entry point (upload). However, a strong defense goes beyond the first line. Regularly scanning backups – the application's "safety net" – for malware embodies the principle of defense in depth, adding another layer of protection.
Defense in depth, also known as layered security, fortifies IT systems by employing multiple security controls at different levels. Think of it like a medieval castle – an attacker must overcome walls, moats, and guards to reach the inner sanctum. Similarly, each security layer in IT systems adds another hurdle for attackers. If one layer fails, others remain to impede a complete breach, significantly bolstering your overall IT security posture.
Several scenarios can lead to malware infecting your Atlassian sites:
Ideally, the application itself would block these threats. In keeping with defense in depth, the next best place to detect them and take action is the backup data.
These threats highlight the importance of not only having backups but also ensuring they're clean and malware-free. Infected backups could become a ticking time bomb – restoring from them could reintroduce malware into your system, negating the purpose of the backup itself.
Here are some compelling reasons to scan your Atlassian SaaS backups for malware:
The Revyz Data Manager for Jira and Revyz Data Manager for Confluence apps, available in the Atlassian Marketplace, automatically scan for malware in attachments that are part of Jira Service Management tickets/requests, Jira issues, and Confluence pages. When a malicious attachment is detected, it is immediately flagged and brought to the attention of the system administrator so that they can take further action.
In addition to scanning for malware, Revyz provides an exportable list of SHA-256 hashes for all attachments in the system, which could be fed into other threat hunting systems for further analysis.
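One way to consume such a hash list downstream, as an added example that is not Revyz code: it assumes the export is a CSV with hypothetical `attachment` and `sha256` columns (the page does not specify the format) and matches it against known-bad hashes from a threat-intelligence feed. All file names, ticket keys and digests are constructed.

```python
import csv
import hashlib
import io
import re

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

def normalize(value):
    """Return a lower-case SHA-256 hex digest, or None if malformed."""
    digest = value.strip().lower()
    return digest if SHA256_RE.match(digest) else None

def load_blocklist(lines):
    """Build a set of known-bad digests, skipping blanks, comments and junk."""
    bad = set()
    for line in lines:
        line = line.split("#", 1)[0]  # drop trailing feed comments
        digest = normalize(line)
        if digest:
            bad.add(digest)
    return bad

def match_export(export_file, blocklist):
    """Return (hits, rejected) for an exported hash list.

    hits: attachments whose digest is known-bad; rejected: rows whose
    digest is not valid SHA-256 and so need manual review, not skipping.
    """
    hits, rejected = [], []
    for row in csv.DictReader(export_file):
        name = row.get("attachment") or ""
        digest = normalize(row.get("sha256") or "")
        if digest is None:
            rejected.append(name)
        elif digest in blocklist:
            hits.append(name)
    return hits, rejected

# Constructed sample data: digests of made-up byte strings, not real IoCs.
BAD = hashlib.sha256(b"constructed-malicious-sample").hexdigest()
GOOD = hashlib.sha256(b"constructed-benign-sample").hexdigest()
EXPORT = io.StringIO(  # assumed column names, upper-case digest on purpose
    "attachment,sha256\n"
    f"SUP-101/invoice.pdf,{BAD.upper()}\n"
    f"SUP-102/screenshot.png,{GOOD}\n"
    "SUP-103/notes.txt,not-a-hash\n"
)
BLOCKLIST = load_blocklist([f"{BAD}  # constructed entry", "", "# comment"])
```

Normalizing case before comparison matters because exports and feeds often disagree on upper versus lower-case hex, and an exact string match would silently miss the hit.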
Atlassian SaaS tools are invaluable assets to the running of any modern organization. However, robust security measures are essential to mitigate the risk of malware compromising your data. Regularly scanning your Atlassian backups for malware adds a crucial layer of protection to your business continuity plan. By implementing a solution with integrated malware scanning, you can ensure your backups are clean and readily available for a swift and secure recovery when needed.
Remember, a well-executed backup strategy combined with proactive malware scanning helps safeguard your valuable data and fosters a secure Atlassian environment for your teams.