Too many times we hear and read about how insecure the cloud is or worse — that the cloud is already secure because IaaS providers have security groups and protection capabilities. These ideologies are all too common and far too wrong. By using outsourced cloud infrastructure, you are only outsourcing your infrastructure, not your security. Security is always your responsibility.
The cloud does have detection and auditing capabilities
The cloud is not secure by default, but that only means that it’s your responsibility to implement the right detection and auditing systems to secure it (just as you would any on-premise technology). If you aren’t careful about password management, access control, network monitoring, firewalls, etc., you know that you are putting your users (and a bunch of data) at risk.
Cloud security does exist. In fact, you have the potential to make your cloud systems even more secure than your on-premise systems by using the growing number of cloud security solutions and best practices in existence today.
Security is a process of innovation management
Let’s end the stigma that security experts are lagging in innovation. If you’re like us, you love testing out new technology and staying on top of the latest systems that you can use to make your job easier.
You already know of (and perhaps are using) the best on-premise and open source security solutions. Before, these were the only security solutions you had to work with, but now that the cloud is as pervasive as ever, a different genre of security technologies comes into play.
You’re familiar with OSSEC, the host-based IDS, and Snort, the network-based IDS/IPS. They are great OSS projects that many of us already use. However, they don’t translate well to cloud deployments. Snort, for example, is too resource-intensive because it was not built for dynamic and elastic server deployments.
On top of that, most OSS security projects aren’t behavior-driven when it comes to identifying potentially malicious threats. They can’t understand normal server and network activity and build on that to detect abnormal activity, which would allow you to detect new forms of malicious attacks in the cloud. Snort and OSSEC rely on signatures — but we know now that those are all too easy to evade.
The easy answer to cloud security is to use your current OSS security systems for the cloud, but these traditional tools simply fall over once deployed in the cloud. It’s obvious, especially given recent exploits on many major cloud providers, that companies require better and easier-to-deploy security tools. If your infrastructure is in the cloud, you need a better cloud-based security monitoring solution.
Modern Detection & Auditing
The concept of continuous security monitoring isn’t new by any means. However, there are always new endpoints (email providers and accounts, computers, etc.) and that’s where the trickiest intrusions can occur — and where Threat Stack comes into play. Malicious hackers can easily take advantage of weak user passwords, leverage social engineering for internal credentials, or exploit gaps in your perimeter defense. Start with the belief that you will one day be compromised and then work backwards when determining your security posture.
Enterprises are taking the right steps to enforce strong, unique passwords, monitor system activity, and implement better firewalls, but that’s not enough. Unfortunately, they are not discovering these dangerous vulnerabilities fast enough. What they really need is a way to see where and how attacks are happening at all times — much like a physical surveillance system.
True cloud security monitoring relies on intelligently collecting endpoint behaviors, analyzing them, and instantly alerting you when suspicious activity happens. Beyond that, it’s important to also understand the scope and severity of an issue so you can begin fixing it immediately.
This method of behavior profiling, which Threat Stack has developed, is much more accurate because even though an attacker can change their attack strategy, it’s very hard for them to change their behavior — and it’s those behaviors that we look for and alert you about. We’ve actually created a specific Endpoint Behavioral Profiling™ technology that detects when something changes on your cloud infrastructure, consolidates the data around the issue, and alerts you immediately. Our system detects unusual activity such as unexpected child processes and behavior that falls outside the normal profile for your system.
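The behavior-profiling idea above, as an added illustration that is not Threat Stack’s code: a baseline of parent-to-child process relationships is learned from a window of normal telemetry, later events outside that baseline are flagged, and an exact-name signature check is run alongside for comparison. All host names, process names and event tuples are constructed sample data.

```python
from collections import defaultdict

# Constructed sample process telemetry: (host, parent_process, child_process).
# A learning window of "known good" activity on two web servers.
BASELINE_EVENTS = [
    ("web-1", "nginx", "php-fpm"),
    ("web-1", "cron", "logrotate"),
    ("web-1", "sshd", "bash"),
    ("web-2", "nginx", "php-fpm"),
    ("web-2", "cron", "logrotate"),
]

# Constructed events from a later window; two of them break the learned pattern.
NEW_EVENTS = [
    ("web-1", "nginx", "php-fpm"),
    ("web-1", "php-fpm", "sh"),           # a web worker spawning a shell
    ("web-2", "cron", "logrotate"),
    ("web-2", "sh", "nc.traditional"),    # a packaged netcat binary under another name
]

# Exact-name signatures a rule-based tool might carry (constructed list).
SIGNATURES = {"nc", "ncat", "netcat"}


def build_baseline(events):
    """Map each parent process to the set of children it spawned in the learning window."""
    baseline = defaultdict(set)
    for _host, parent, child in events:
        baseline[parent].add(child)
    return baseline


def detect_anomalies(baseline, events):
    """Flag events whose parent->child relationship never appeared in the baseline."""
    return [e for e in events if e[2] not in baseline.get(e[1], set())]


def signature_hits(events, signatures=SIGNATURES):
    """Flag events whose child process name exactly matches a known-bad signature."""
    return [e for e in events if e[2] in signatures]


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for event in detect_anomalies(baseline, NEW_EVENTS):
        print("behavioral alert:", event)
    print("signature alerts:", signature_hits(NEW_EVENTS))
```

Both deviations are caught by the baseline comparison, while the exact-name signature list returns nothing for this window; in practice the baseline would be keyed per host role and rebuilt as deployments change.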
Enough with just relying on signatures and rules to detect attacks, or worse, thinking the cloud is inherently secure to some degree and pushing aside security system implementations. The cloud has serious security capabilities; it’s now up to you to put them into action.