
Cloud Security

12/7/2017
08:35 AM
Giora Engel
News Analysis-Security Now

Keys to Moving Security to the Cloud

Security in the cloud may be the security you need; here is how to know where your security should live.

A decade ago, countless single-purpose appliances cluttered enterprise networks. Network engineers created complex high-availability architectures to accommodate the firewalls, intrusion detection systems, secure web gateways, anti-virus gateways, anti-spam appliances and more that safeguarded network traffic.

When new attack vectors emerged, security vendors responded with "there's an appliance for that," introducing new point products for every threat. Over time, to prevent the proliferation of appliances in customer networks, security vendors began to consolidate these capabilities into integrated security appliances.

While these integrated security appliances drew on external sources for threat intelligence, signature updates and other data feeds, the appliances still made all the security decisions. The "brains" of the security architecture was on-premises.

Bumps in the roadmap
The on-premises security model worked for many years, but it too is reaching its limit. While organizations will always need physical or virtual appliances on-site to enforce security policies, the following challenges are forcing organizations to rethink how they prevent threats:

Scale
Over the years, threat intelligence feeds have grown exponentially. In 1995, the World Wide Web contained fewer than 20,000 websites; in 2017, there are over 1.7 billion, according to Netcraft. The number of malware variants has also exploded, from tens of thousands in 2005 to hundreds of millions now.

It is difficult for appliances to store and look up this ever-increasing data set of threats. Plus, more advanced security techniques are required to detect attacks and malware that can mutate dynamically. Now, every URL, every file, and virtually every type of communication must be analyzed for malicious content, and this complex analysis requires much more intensive computing resources than simple hash or IP address comparisons.

Agility
Just as threats and malicious actors have evolved rapidly, security defenses must keep pace. The best way to fight cyber adversaries is to continually develop and release new protections against threats in the form of software updates -- and then analyze their efficacy and refine them. Agile development is not possible for organizations if it takes months or years to install software upgrades to their on-premises appliances.

Analytics
Preventing advanced threats requires more in-depth analysis than a typical physical or virtual security appliance can provide. To detect and stop a malicious insider, risky user behavior, or a sophisticated attacker operating in the network, security products must examine multiple attributes of behavior across protocols and over time.

Security products also need to compare user activity to expected behavior to detect anomalies and analyze traffic from multiple sources. All this analysis requires reams of data -- or at least metadata -- which calls for additional servers or appliances and introduces hefty capital and operating costs.

Navigating privacy concerns in the cloud
Cloud-based security, working in conjunction with on-premises security and enforcement, provides the scale, agility and analytics needed to fight modern cyber attacks. But if not handled properly, it can also pose challenges associated with privacy and compliance. Though ensuring that their data is secure is an obvious priority, organizations also need to comply with government and industry regulations, such as EU data protection laws that govern where and how user data can be stored.

To allay these security and compliance concerns, organizations can look for cloud security services that document what data is stored in the cloud, where it is stored, how it is secured, and who can access it. In addition, cloud security service providers should offer granular controls to configure which data is sent to the cloud and how long the data is retained. They should also engage a third party to review and certify the security, availability and privacy of their service.

When public cloud computing first burst onto the scene over a decade ago, many business and IT leaders were reluctant to adopt these services because of security and privacy concerns. Over time, they realized that cloud computing was not only more scalable and efficient, but it was often more secure than their on-premises systems.

Cloud-delivered security offers the same advantages. The benefits in terms of security innovation, operating cost efficiency, capex savings, and cross-technology integration are too great to return to older, on-premises-only architectures.

Organizations that are reluctant to use cloud security services can consider technologies where the benefits are the most compelling. These include:

  • Security analytics: Cloud-based analytics eliminates many of the headaches associated with the management and maintenance of on-site data repositories by leveraging the power of distributed and on-demand computing to tackle scaling limitations. More importantly, cloud-based logging is a foundation on which organizations can run analytics, orchestration, data visualization, reporting and countless other apps. Security analytics in the cloud unleash a new way to develop, deliver and consume innovative security applications from any provider, without additional complexity or infrastructure.
  • Advanced threat analysis: Cloud-based advanced threat analysis empowers organizations to perform in-depth analysis of suspicious files and communications without compromise. No longer encumbered by the performance and system restraints of an appliance, a cloud-based service can perform dynamic analysis, static analysis, machine learning and even bare metal analysis of suspicious files to detect attacks and defeat evasion techniques.
  • URL reputation services: The sheer number of domains and unique URLs demonstrates the need for cloud-based reputation scoring of URLs. Cloud-based URL look-ups, in conjunction with a local cache, maximize speed and accuracy and ensure that URL classification data is current. Cloud-based URL reputation services really outshine static URL classification databases -- when users attempt to access URLs that have never been seen before, they can perform on-demand automated analysis to determine if the URL is malicious.
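The URL reputation pattern in the last bullet, as an added example that is not from the article or from any vendor's product: a local cache with a time-to-live sits in front of a cloud look-up, and URLs the cloud has never seen fall through to on-demand analysis whose verdict is cached as well. The reputation table, the TTL, and the `on_demand_analysis` heuristic are constructed stand-ins.

```python
import time
from dataclasses import dataclass

# Constructed sample data standing in for a cloud reputation service (not a real feed).
CLOUD_REPUTATION = {
    "http://example.com/": "benign",
    "http://malware.example.net/drop": "malicious",
}
CACHE_TTL_SECONDS = 300  # assumption: a cached verdict is treated as current for 5 minutes


@dataclass
class CacheEntry:
    verdict: str
    expires_at: float


class ReputationClient:
    """Local cache in front of a cloud URL reputation look-up.

    A fresh cache hit avoids the round-trip; a miss or an expired entry goes to
    the cloud; a URL the cloud has never seen is sent to on-demand analysis.
    """

    def __init__(self, cloud_lookup, on_demand_analysis,
                 ttl=CACHE_TTL_SECONDS, clock=time.time):
        self.cloud_lookup = cloud_lookup
        self.on_demand_analysis = on_demand_analysis
        self.ttl = ttl
        self.clock = clock          # injectable so expiry can be tested deterministically
        self.cache = {}
        self.cloud_calls = 0        # counts round-trips, to show what the cache saves

    def verdict(self, url):
        now = self.clock()
        entry = self.cache.get(url)
        if entry is not None and entry.expires_at > now:
            return entry.verdict    # cached and still current
        self.cloud_calls += 1
        verdict = self.cloud_lookup(url)
        if verdict is None:         # never-seen URL: analyze on demand
            verdict = self.on_demand_analysis(url)
        self.cache[url] = CacheEntry(verdict, now + self.ttl)
        return verdict


def cloud_lookup(url):
    return CLOUD_REPUTATION.get(url)  # None means the cloud has no verdict


def on_demand_analysis(url):
    # Hypothetical stand-in for dynamic/static analysis: flag executable downloads.
    return "malicious" if url.lower().endswith((".exe", ".scr")) else "benign"
```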

As the traditional network perimeter fades away and organizations face the task of protecting distributed networks and a growing workforce of mobile users, cloud security services -- combined with on-premises policy enforcement -- provide an easy and integrated way to monitor, protect, analyze, and report on the security of the entire organization, including all its users, applications and data. A hybrid cloud and on-premises security architecture is the only way to achieve the best security outcomes at scale.

Giora Engel is vice president of product management at Palo Alto Networks
