Traditional security solutions were designed to identify threats at the perimeter of the enterprise, which was defined primarily by the network. Whether called a firewall, an intrusion detection system, or an intrusion prevention system, these tools delivered “network-centric” protection. Innovation was slow because what the tools could do was dictated, in large part, by the capabilities and limitations of the network hardware and the traffic data available to them. Much like a sentry guarding a castle, they emphasized identification at the gate and were not designed to investigate activity that had already gotten past them.

Originally, firewalls performed the task of blocking unwanted, and potentially dangerous, traffic by address and port. Then security vendors started pitching “next generation firewalls,” built on a model that classified traffic by application, user, and content. It was a shift that gave security teams visibility and context into the data and assets they were trying to protect.
Modern environments require a new approach

Now, with modern architectures, threats that target public clouds (PaaS or IaaS platforms) demand a new level of insight and action. These platforms operate differently from traditional datacenters: applications come and go in seconds, network addresses and ports are recycled seemingly at random, and even the fundamental way traffic flows has changed. To operate successfully in modern IT infrastructure, you have to reset how you think about security in the cloud.

Surprisingly, many organizations continue to rely on network-based security, and on whatever network traffic data the cloud provider exposes, as their entire security approach. Decision makers need to understand the limitations inherent in this approach so they don’t operate on a false sense of security. A purpose-built cloud solution is the only thing that will provide the visibility and protection required.

The limits of “next generation firewall”

Security teams in modern environments must first recognize that in the cloud, most traffic is encrypted in transit with TLS, which means a network device sees only addresses, ports and handshake metadata, not the content. Even if you could terminate and re-encrypt every session (a sanctioned man-in-the-middle, which also requires pushing your own certificates to every workload), the scale and elasticity of the cloud would overwhelm current next-generation firewalls.

In an IaaS environment, applications are custom-written, which means there are no known signatures that can identify the app. The application is instead identified by its security profile, its observed behavior, and that profile changes with how the application is used. For example, the communication patterns of the same database server will differ depending on whether it backs an HR system or a Finance system. From the network’s perspective, both look like the same application listening on the same port, so a next generation firewall cannot distinguish between them, understand their behavior, or apply the right policy. Likewise, the same user working on the same application will have a different security profile in a production environment than in a development environment.

As environments increasingly make use of containers and orchestration systems like Kubernetes, as well as serverless computing, they present even more challenges for outdated security tools. These workloads are built from microservices whose traffic is largely east-west, inside the cluster, between short-lived endpoints whose addresses are reassigned constantly. A perimeter firewall never sees most of that traffic, and what it does see it cannot attribute to a specific service.

An approach built for the cloud

One of the greatest cloud security challenges comes from the fact that the cloud delivers its infrastructure components, things like gateways, servers, storage, compute, and all the resources and assets that make up the cloud platform environment, as virtual services. There is no traditional network or infrastructure architecture in the cloud. Deploying workloads into the cloud can quickly involve complex sets of microservices and serverless functions running in fluid architectures that change every few minutes or seconds, creating a constantly changing security environment. Here are some of the common security challenges presented by the cloud:
Microservices: many small, short-lived services replace a few long-lived servers, so the unit you need to monitor is a service, not a box.
Infrastructure as code: the environment is created, changed and destroyed by templates and scripts, so a misconfiguration is deployed everywhere at once and a manual review never keeps up.
Machine-based alerts do not make sense: an alert keyed to a host or IP address loses its meaning when that host lives for minutes, and no single machine can be used to understand how an application behaves.
The combined effect of all this innovation? Exponential growth in a cloud environment’s attack surface. A busy cloud environment can generate as many as hundreds of millions of connections per hour, which makes threat detection a much more challenging proposition. Of course, attackers are well aware of these weaknesses and are working hard to exploit them.

The only way to secure a continuously changing cloud environment is through continuous security. These security functions need to include the following capabilities:
Continuous anomaly detection and behavioral analysis, capable of monitoring all event activity in your cloud environment, correlating activity among containers, applications, and users, and logging that activity for analysis after the containers and other ephemeral workloads have been recycled. This monitoring and analysis must be able to trigger alerts automatically. Behavioral analytics makes it possible to detect events without hand-written rules, in an environment that is continuously adapting to changing operational demands.

Continuous, real-time configuration and compliance auditing across cloud storage and compute instances.

Continuous, real-time monitoring of access and account activity across APIs as well as developer and user accounts.

Continuous, real-time workload and deep container activity monitoring, abstracted from the network. A public cloud environment provides limited visibility into network activity (provider flow logs record addresses, ports and byte counts, not what a process did), so this requires agents on the containers or hosts that watch the orchestration tools, file integrity, and access control.
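The capabilities above, behavioral baselining of API and account activity that survives workload churn, can be shown on a handful of log records. The script below is an added illustration written for this page; it is not Lacework’s code or anything from the article. It learns, per IAM principal, which (API call, region) pairs are normal during a training window and flags later events outside that baseline. The records are constructed in the shape of AWS CloudTrail events (the field names are an assumption about that format), and the "workload" field is assumed to be a tag a host agent attached from the container that made the call, so a finding still names the container after it has been recycled.

```python
"""Behavioral baselining of cloud API activity (added illustration).

Compares a machine-keyed detector (alert on a source address the principal
never used) with a behavior-keyed one (alert on an action/region the
principal never performed). Event records are constructed; the CloudTrail
field names and the "workload" tag are assumptions, not data from a real
account.
"""
from collections import defaultdict
from datetime import datetime, timezone

LEARN_UNTIL = datetime(2024, 3, 2, tzinfo=timezone.utc)  # end of the training window

ROLE = "arn:aws:iam::123456789012:role/order-service"
USER = "arn:aws:iam::123456789012:user/dev-alice"


def _ev(t, arn, name, region, ip, workload=None):
    """Build one constructed CloudTrail-style record."""
    rec = {"eventTime": t, "userIdentity": {"arn": arn}, "eventName": name,
           "awsRegion": region, "sourceIPAddress": ip}
    if workload:
        rec["workload"] = workload  # assumed tag added by a host agent
    return rec


# Constructed sample, not captured from any real account.
CONSTRUCTED_EVENTS = [
    # training day: order-service pods read/write one bucket; alice manages EC2
    _ev("2024-03-01T08:00:00Z", ROLE, "GetObject", "us-east-1", "10.0.1.15", "order-7f3b"),
    _ev("2024-03-01T08:05:00Z", ROLE, "PutObject", "us-east-1", "10.0.1.15", "order-7f3b"),
    _ev("2024-03-01T14:00:00Z", ROLE, "GetObject", "us-east-1", "10.0.1.22", "order-c2d9"),
    _ev("2024-03-01T09:00:00Z", USER, "DescribeInstances", "us-east-1", "203.0.113.9"),
    _ev("2024-03-01T09:02:00Z", USER, "StartInstances", "us-east-1", "203.0.113.9"),
    # next day: a freshly scheduled pod on a recycled address (benign) ...
    _ev("2024-03-02T08:00:00Z", ROLE, "GetObject", "us-east-1", "10.0.1.40", "order-9a1c"),
    _ev("2024-03-02T10:00:00Z", USER, "DescribeInstances", "us-east-1", "203.0.113.9"),
    # ... and the role's credentials used from outside the VPC, in a new region,
    # for an API the role never called before (a credential-theft pattern)
    _ev("2024-03-02T11:00:00Z", ROLE, "ListBuckets", "us-east-1", "198.51.100.23"),
    _ev("2024-03-02T11:01:00Z", ROLE, "GetObject", "eu-west-1", "198.51.100.23"),
]


def parse_event(raw):
    """Flatten one record into the fields the detectors key on."""
    return {
        "time": datetime.fromisoformat(raw["eventTime"].replace("Z", "+00:00")),
        "principal": raw["userIdentity"]["arn"],
        "action": raw["eventName"],
        "region": raw["awsRegion"],
        "source_ip": raw["sourceIPAddress"],
        "workload": raw.get("workload", "unknown"),
    }


def build_baseline(events, learn_until, key):
    """Per principal, the set of key(event) values seen before learn_until."""
    baseline = defaultdict(set)
    for ev in events:
        if ev["time"] < learn_until:
            baseline[ev["principal"]].add(key(ev))
    return baseline


def detect(events, learn_until, key, reason):
    """Flag post-training events whose key is first-seen for that principal.

    No per-call rule is written: the learned baseline is the detector."""
    baseline = build_baseline(events, learn_until, key)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["time"] < learn_until or key(ev) in baseline[ev["principal"]]:
            continue
        findings.append({"time": ev["time"].isoformat(), "principal": ev["principal"],
                         "workload": ev["workload"], "reason": reason, "value": key(ev)})
    return findings


def machine_keyed(events=None):
    """Network-era approach: alert on an address the principal never used."""
    evs = [parse_event(r) for r in (events or CONSTRUCTED_EVENTS)]
    return detect(evs, LEARN_UNTIL, lambda e: e["source_ip"], "new source address")


def behavior_keyed(events=None):
    """Behavioral approach: alert on an action/region the principal never performed."""
    evs = [parse_event(r) for r in (events or CONSTRUCTED_EVENTS)]
    return detect(evs, LEARN_UNTIL, lambda e: (e["action"], e["region"]),
                  "first-seen action in region")


if __name__ == "__main__":
    for label, fn in (("machine-keyed", machine_keyed), ("behavior-keyed", behavior_keyed)):
        print(label)
        for f in fn():
            print("  ", f["time"], f["principal"].rsplit("/", 1)[1],
                  f["workload"], f["reason"], f["value"])
```

Run as a script, the machine-keyed detector raises three findings, the first of them the benign order-9a1c pod whose only offence is a recycled address, which is exactly the alert churn the list above warns about. The behavior-keyed detector raises two, both for the role's credentials calling an API it never used and reading from a region it never touched, and each finding still carries the workload tag even though the pod that made the earlier, legitimate calls is long gone.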
Moving beyond - WAY beyond - next generation firewall

New security tools designed to deeply monitor cloud infrastructure and analyze workload and account activity in real time make it possible to deploy and scale without compromising security. When operating in the cloud, businesses need to know that their infrastructure remains secure as it scales. They need assurance that they can deploy services without compromising compliance or introducing new risk. This can only happen with new tools designed specifically for highly dynamic cloud environments, tools that provide continuous, real-time monitoring, analysis, and alerting.

About the author: Sanjay Kalra is co-founder and CPO at Lacework, leading the company’s product strategy, drawing on more than 20 years of success and innovation in the cloud, networking, analytics, and security industries. Prior to Lacework, Sanjay was GM of the Application Services Group at Guavus, where he guided the company to market leadership and a successful exit. Sanjay also served as Senior Director of Security Product Management for Juniper Networks, and spearheaded continued innovations in the company’s various security markets. Sanjay has also held senior positions at Cisco and ACC. He holds 12 patents in networking and security.