Five Essential Capabilities for Airtight Cloud Security


SECURITY IN THE CLOUD REQUIRES NEW CAPABILITIES

It is no secret: security and compliance are at the top of the list of concerns tied to cloud adoption. According to a recent 2017 Cloud Security survey of over 350,000 members of the LinkedIn Information Security Community, IT pros have general concerns about security in the cloud (33 percent), in addition to data loss and leakage risks (26 percent) and legal and regulatory compliance (24 percent) [1]. The number of reported breaches in enterprise datacenter environments still far exceeds the reported exposure from cloud platforms, but as businesses start using public clouds to run their mission-critical workloads, the need for enterprise-grade security in the cloud will increase.

General cloud security isn't lacking by any means, with IaaS providers such as AWS offering a multitude of tools to help you secure your cloud environment. Implementing these tools, however, can prove daunting. According to a recent 2017 Gartner report titled "Assessing Cloud Security Monitoring and Compliance Capabilities in AWS," third-party solutions are often necessary for full security life cycle assessment, compliance and GRC (Governance, Risk and Compliance) [2].

But IaaS security is built on a model of shared responsibility between the cloud service provider, such as Amazon Web Services (AWS), and the customer. End-to-end security relies on enterprise customers establishing and enforcing strict policies and processes. Many organizations fail to secure their vital infrastructure end-to-end because they do not realize that security in the public cloud is fundamentally different from enterprise datacenter security.

Today's enterprise datacenter has several layers of security measures. Connection policies and access controls are handled with care by firewalls, routers, and switches that designate zones, control which protocols are allowed, and revoke access to unauthorized users and machine processes. Supplementary security, such as intrusion prevention systems and malware protection, is often in place as well.

The cloud is very different from the datacenter. The cloud is highly dynamic, flexible and instantaneously configurable; simple changes to security policies can expose private resources to the world. There are a lot of moving parts, which means there can be oversights and errors. Configuration management, patch management, connection policies and access control require attention to detail.

Public cloud environments require a centralized, consolidated platform for security that is built from the ground up for the cloud, and allows administrators to monitor and actively enforce security policies. The tools and techniques that worked to secure datacenter environments fail miserably in the cloud. Server-based controls such as firewall policies, file integrity monitoring (FIM), logging, and strong access controls may have to be applied to each workload, but they should be controlled from a single dashboard.

Following is a checklist of the five capabilities enterprise customers need to look for when selecting a platform to manage infrastructure security in the public cloud.

[1] Crowd Research Partners, Cloud Security 2017 Spotlight Report, Holger Schulze, March 29, 2017.
[2] Gartner: Technical Professional Advice: Assessing Cloud Security Monitoring and Compliance Capabilities in AWS, Mike Morrato, February 13, 2017.

1 POWERFUL VISUALIZATION - YOU CANNOT FIX WHAT YOU CANNOT SEE

Figure 1: Powerful Visualization for Complete Security Control

Public cloud providers such as AWS have built rich security features and granular controls, allowing administrators to manage which workloads can talk to each other and which are exposed to the whole world. As cloud environments grow across multiple virtual private clouds (VPCs), accounts and regions, it becomes increasingly challenging to understand and correctly configure security policies. Mapping relationships with a visualization tool can help administrators understand the network security posture and identify configuration errors. Taking the time to complete this process is even more critical in dynamic environments, where cloud elasticity means new workloads are being spun up on demand.

2 NETWORK SEGMENTATION USING AGENTLESS, CLOUD-NATIVE SECURITY CONTROLS

Figure 2: Network Segmentation with Agentless Security Controls

Once a workload is created (OS, apps and connections determined), network security policies such as AWS security groups (SGs) need to be put in place to segment traffic and control access to servers. Developers and operations teams usually just accept the default security policies, which are overly permissive, allowing any connection from anywhere to any port on the new virtual server. It's easy to restrict access to one IP or several, but many administrators cannot predict beforehand which IP addresses they will be logging in from, which means they fail to restrict critical access. Unfettered access to workloads in a cloud environment can be prevented by microsegmenting the network using built-in SG policies in cloud environments, so that breaches in one part of the application cannot spill over into other instances or services.

3 IN-PLACE REMEDIATION AND ACTIVE PROTECTION - GO BEYOND MONITORING

Figure 3: In-place Remediation and Active Protection

Customers cite elasticity and flexibility as the primary reasons for moving infrastructure to the cloud. However, tracking and maintaining control of security policies is where elasticity and flexibility can lead to issues. Virtual machines (VMs) are on the move, changing from one domain to another, and policies may not follow. This can lead to inadvertent exposure of backend servers to everyone. Security operations is really responsible for monitoring such changes to ensure that elasticity does not create misconfigurations or open back doors to sensitive data. As mentioned before, a visualization tool that makes these mistakes immediately apparent, combined with the ability to fix discovered issues in real-time and prevent them from recurring in the future, are the weapons of choice to combat moving assets.

4 TIME-LIMITED ACCESS TO SERVICES WITH ON-DEMAND NETWORKING

Figure 4: Dynamic Access Leases for Time-limited Access

If you remember years back, the City of San Francisco gave all the keys to their router kingdom to one network administrator, who ended up going rogue and would not give them up, even after being put in jail. Maintaining control over the keys to your network and infrastructure is the single most critical requirement for protecting cloud deployments. A security platform that allows a resource owner to assign access rights on an as-needed basis, on-the-fly, for a limited amount of time, can help prevent such incidents. A contractor or employee can be granted access for a particular window of time. After the time allotted expires there is no need to manually revoke access; it's automatic. This allows organizations to maintain a closed-by-default security posture by keeping the good guys in for just the right amount of time.

Finally, implementing security training for your staff is a must in the opinion of many experts. In fact, according to the recent 2017 Cloud Security Spotlight Report, 53 percent of organizations plan to train and certify existing IT staff on cloud security, 30 percent plan to partner with a managed security services provider (MSP), and 27 percent will deploy additional security software to protect data and applications in the cloud [3].

5 LOGGING AND INDEPENDENT AUDIT TRAIL - WATCH EVERYTHING

Figure 5: Logging and Independent Audit Trails

In the worst-case scenario, every workload (dynamic administrator rights management, firewall policies, and file integrity management) is in place, but things might still go wrong. A malicious visitor to the website may cause a denial of service by repeatedly refreshing a page that requires compute-intensive backend processes. How do you find the problem? Monitoring and logging every packet that passes across the cloud environment makes it possible to detect anomalous behavior and demonstrate that the security controls are in place as designed. Ensuring your security controls are in place as intended could be indispensable during an audit, when it is necessary to prove that controls are actually working.

[3] Crowd Research Partners, Cloud Security 2017 Spotlight Report, Holger Schulze, March 29, 2017.
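The time-limited access described under capability 4 above can be modelled as leases that expire on their own. This is an added example, not code from the whitepaper or from Dome9: the `Lease` and `LeaseTable` names are hypothetical, the addresses are constructed documentation-range values, and a real platform would apply and withdraw the matching security group rule rather than keep an in-memory table.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Lease:
    source: str        # CIDR allowed in, e.g. a contractor's current address
    port: int
    expires_at: float  # epoch seconds

class LeaseTable:
    """Closed by default: a connection is allowed only while a lease is live."""

    def __init__(self):
        self._leases = []

    def grant(self, source, port, ttl_seconds, now):
        ipaddress.ip_network(source)  # raises ValueError on a malformed CIDR
        if ttl_seconds <= 0:
            raise ValueError("a lease must have a positive lifetime")
        lease = Lease(source, port, now + ttl_seconds)
        self._leases.append(lease)
        return lease

    def allowed(self, src_ip, port, now):
        # Expiry is evaluated at decision time, so access ends on schedule
        # even if no sweep has run yet.
        addr = ipaddress.ip_address(src_ip)
        return any(l.port == port and now < l.expires_at
                   and addr in ipaddress.ip_network(l.source)
                   for l in self._leases)

    def sweep(self, now):
        """Drop expired leases and return them, e.g. for the audit trail."""
        expired = [l for l in self._leases if now >= l.expires_at]
        self._leases = [l for l in self._leases if now < l.expires_at]
        return expired

def demo():
    t0 = 1_000_000.0  # constructed timestamp so the run is deterministic
    table = LeaseTable()
    table.grant("203.0.113.7/32", 22, ttl_seconds=3600, now=t0)
    return (table.allowed("203.0.113.7", 22, t0 + 60),    # inside the window
            table.allowed("198.51.100.9", 22, t0 + 60),   # no lease for this source
            table.allowed("203.0.113.7", 22, t0 + 3600),  # window has closed
            len(table.sweep(t0 + 3600)))                  # one lease reclaimed

if __name__ == "__main__":
    print(demo())
```
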

IN CONCLUSION

It's essential for IT security pros to have visibility into network architectures and on-system controls to provide better defense against the growing number of malicious attacks and inadvertent credential leaks. Deploying cloud controls everywhere and employing a central management dashboard make for an iron-clad system. These five capabilities will help deploy secure compute environments that will drive cloud adoption.

ABOUT DOME9 SECURITY

Dome9 delivers verifiable cloud infrastructure security and compliance to organizations across every public cloud. The Dome9 Arc SaaS platform leverages cloud-native security controls and cloud-agnostic policy automation to enable comprehensive network security, advanced IAM protection, and continuous compliance in Amazon Web Services (AWS), Microsoft Azure and Google Cloud environments. Dome9 offers technologies to assess security posture, detect misconfigurations, model gold standard policies, protect against attacks and identity theft, and conform to security best practices in the cloud. Organizations use Dome9 Arc for faster and more effective cloud security operations, pain-free compliance and governance, and rugged DevOps practices. Learn more at https://dome9.com.

CONTACT US

Dome9 Security, Inc.
701 Villa Street
Mountain View, CA 94041 USA
+1 877-959-6889
https://dome9.com
contact@dome9.com

For a free security assessment or trial, please contact:
US Sales: +1-877-959-6889
International Sales: +44-20-8144-0620

Copyright 2017 Dome9 Security, Inc. All rights reserved. Other brand names are for identification purposes only and may be the trademarks of their holder(s).

FECB06162017