One of the biggest benefits of the Threat Stack Cloud Security Platform® is the deep level of visibility we bring to observing operator behaviors in customers’ cloud runtime environments. We frame this discussion in terms of “security observability,” and it can be distilled into a single question: “If suspicious or risky behaviors occur on one of your servers, what can you see and how quickly can you see it?”
Before you can assign responsibility for a security breach, you need to go back to the scene of the crime and understand where it originated. No easy task given the dynamic and complex nature of cloud computing environments.
Dr. Watson is the intellectual and gentlemanly sidekick of fictional detective Sherlock Holmes. With Watson at his side, Sherlock is able to better navigate the complexities of human emotion (not his forte), so Sherlock leans on Watson, and understandably so. They make a good pair.
But while Watson is able to solve the odd mystery himself, only the highly observant Sherlock, with his machine-like analytical mind, is able to produce the insight needed to crack their toughest cases.
You can think of cloud security in the same way. A basic cloud security system will probably alert you to many of the biggest, most obvious attacks. But without sufficient context, you won’t be able to see the full scope of impact. You won’t know where it has spread in your system or what kind of damage it has done. Even if you manage to stop it in one area, you may not succeed in defeating it, and the ramifications can be distressing.
Cloud context gives you the clarity of a Sherlock Holmes.
What if one day you came home and found that a bunch of your valuables had been stolen: computers, jewelry, that big-screen TV? When you call the police to report the burglary, the first thing they will ask for to begin the investigation is context:
What time did it happen?
Was there a break-in? If not, who had keys to your house?
Where were your valuables being stored?
The more information they have, the better the chances that they will track down the culprit and get your stuff back. Now, if you have a home surveillance system set up — say, a Dropcam or Canary — they’re going to have even more information to work with: timestamps, video footage, audio, etc.
All in all — the more context you have, the better. The same applies to cloud security. When something goes awry, context is what tells you what to do, where to start investigating, and who’s at fault.