Cloud security is a marathon: Get a running start with packet visibility
By definition, clouds remove the need to manage underlying compute resources. But this also introduces a new architectural layer that can be difficult to see through and is a perennial challenge for those defending company networks. Securing the network is not a one-and-done process, but more like training for a marathon, particularly in cloud environments where IT loses some visibility and control over vital information.
In Ixia’s 2017 survey of cloud users, more than 90% cited public cloud security among their chief concerns, while 40% felt less than satisfied with the security monitoring done by providers. Like running any marathon, a step-by-step plan is key to preparation and endurance.
For cloud security, three critical phases should be considered:
- Preparing to migrate without losing visibility: Planning is needed to ensure IT will still be able to detect, identify, and remediate security incidents with the same speed and confidence as they do in physical environments.
- Ensuring operations are secure from ongoing threats: Operating in the cloud also presents new vulnerabilities that may require additional security tools and solutions to turn raw data into the actionable intelligence needed to flag, analyze, and mitigate threats in real time.
- Improving detection and response times as you scale: Serious runners compete against their own best times, and so do security teams. The ultimate goal is to limit any potential damage to services or brand reputation by responding faster and more effectively as deployments scale.
These steps may seem familiar, but operating in the cloud adds a new wrinkle: IT no longer has full visibility into events occurring outside their traditional network environments. Visibility challenges quickly turn into management challenges: What can we see or not see? Are security policies being implemented consistently? Are controls in place to prevent users from spinning up workloads that contradict policies?
In a recent webinar, Ixia and RSA discussed how to implement a holistic approach to cloud security based on two critical elements:
1. Restoring access to the detailed packet data that advanced security tools need.
Without packet data, visibility gaps become compounded as a company subscribes to multiple public cloud services. In the Ixia survey mentioned above, some 60% of cloud users reported struggling to gain access to packet-level data. The presenters explain the limitations of the log file data supplied by cloud providers and how to ensure that traffic moving to, from, and between every cloud instance created can be collected, so that there are no blind spots in your security monitoring. The webinar includes a short demonstration of how the Ixia CloudLens visibility platform automatically accesses traffic from every cloud instance, no matter what provider is used.
2. Transforming raw data into actionable, proactive intelligence.
Armed with access to packet-level data, cloud operators then need solutions to help them transform the raw data into actionable security intelligence to identify the source of threats, reconstruct events to speed investigation, prioritize threat risks, and understand the context and full scope of each attack. The webinar delves into the approach used by RSA NetWitness, using deep analytic techniques such as modeling and machine learning to spot patterns, track the clues left by infiltrators, and help mitigate threats before they turn into catastrophic breaches.
View the webinar on-demand now and learn techniques you can use to secure your cloud workloads over the long haul.