Security intelligence in the cloud: Staying ahead of the threat


Last week, I visited one of my friends who practices psychology. He was focused on a patient’s transcript, so out of curiosity, I asked him how psychologists diagnose and cure patients when they can be so different and confined in their own worlds. He said that interacting with the patient consistently to know about their past actions, thoughts and behavioral changes helps psychologists perform diagnoses. They then follow a combination of both conventional (such as counseling, medicines, treatments and so on) and unconventional ways in order to cure them.

The overall task in psychology is to perform brain reading, to know how a patient thinks. This made me wonder if something similar could be implemented in the cybersecurity arena, where our security products could be empowered with an intelligence to think like an attacker and stop all unauthorized actions before any threat arises. In short, could we use security intelligence to stay ahead of the threat?

Ever-advancing security threats

With evolving advanced persistent threats (APTs), cybersecurity issues are becoming more complex. Threats are most dangerous when they are easy to exploit. They expose weaknesses at many levels of the worldwide cybersecurity ecosystem: in security products and hosted applications, in functionality that can be abused, in user awareness and so on.

What makes people hesitate to adopt the cloud is the question of security controls and visibility. In an organization, there are different levels of security implemented with multiple vendors' security products, including identity and access management, firewall, intrusion prevention system (IPS), intrusion detection system (IDS), vulnerability scanners and so on, but unfortunately these products never communicate with each other about the incidents logged in their separate workspaces. Each product may record millions or billions of security events, and they mostly get resolved through the conventional way of attack mitigation. Mining for critical-severity events from billions of events recorded per day is a challenging task, similar to finding a needle in a haystack.

If a hosted application provides a free upload feature for media files, documents on a resume portal or other similar files, an attacker can upload a specially crafted file and inject arbitrary code or commands to be executed when the application starts processing the data. This may lead to a denial-of-service (DoS) attack that crashes the server. This can happen on both traditional and cloud-based deployments. Specifically, a public cloud presents a larger attack window that can allow an attacker to circumvent conventional security controls, either through a legitimate user or service or through data traffic, and to perform several kinds of attacks on virtual systems and hosted applications.

Security benefits in the cloud

Security intelligence in the cloud is an automated process that performs security analytics: it brings together all events from multiple products and performs correlation, behavioral analysis and anomaly detection of attacks. This turns security control and visibility, the very factor that makes people hesitate, into a key feature that helps cloud service providers deal with threats more efficiently. It implements the mechanism to correlate multiple kinds of events from different security devices and resolves the most critical-severity events according to the security policies of an organization.

Overall, security intelligence in the cloud helps in the following four ways:

1. Gathers and combines data from different cloud networks, which is then correlated and distributed across all cloud users and administrators. This is similar to a news channel gathering data from different sources and providing users with prioritized, detailed information, irrespective of geographical boundaries.

2. Reduces expenses incurred to perform and maintain security infrastructure and deployments for any organization in the cloud by providing security as a service.

3. Automates risk assessment and vulnerability management to minimize the window of manual tasks needed to safeguard an organization's assets.

4. Prioritizes security events through effective mining according to security policies over time, irrespective of how data types and volumes grow.
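An added example of the cross-product correlation and prioritization described above (it is not code from this post or from any IBM product): it normalises constructed events from three products that each log into their own workspace, groups them by source address inside a time window, and ranks the groups with a policy-style score so that a multi-product pattern surfaces above isolated noise. The product names, field names, port policy and severity weights are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events from three products that each log into their own
# workspace (identity/access management, IDS, firewall); not real product logs.
RAW_EVENTS = [
    "2017-01-05T10:00:01Z IAM user=alice src=203.0.113.7 action=login result=FAIL",
    "2017-01-05T10:00:05Z IAM user=alice src=203.0.113.7 action=login result=FAIL",
    "2017-01-05T10:00:09Z IAM user=alice src=203.0.113.7 action=login result=SUCCESS",
    "2017-01-05T10:01:30Z IDS sig=sqli-probe src=203.0.113.7 dst=10.0.0.5 sev=3",
    "2017-01-05T10:02:10Z FW src=203.0.113.7 dst=10.0.0.5 dport=4444 verdict=ALLOW",
    "2017-01-05T11:30:00Z FW src=198.51.100.9 dst=10.0.0.5 dport=443 verdict=ALLOW",
]
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")
EXPECTED_PORTS = {"80", "443"}  # assumed policy: the only expected service ports

def parse(line):
    """Normalise one raw line into a common record: timestamp, product, fields."""
    ts, product, rest = LINE.match(line).groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "product": product, **fields}

def weight(ev):
    """Per-product severity weight; stands in for an organisation's security policy."""
    if ev["product"] == "IAM":
        return 1 if ev.get("result") == "FAIL" else 0
    if ev["product"] == "IDS":
        return int(ev.get("sev", 1))
    if ev["product"] == "FW":
        return 2 if ev.get("dport") not in EXPECTED_PORTS else 0
    return 0

def correlate(lines, window=timedelta(minutes=5)):
    """Group events by source address within a time window and score each group.
    A group spanning several products is boosted: that cross-product link is what
    separate per-product consoles never surface."""
    events = sorted((parse(line) for line in lines), key=lambda e: e["ts"])
    incidents = []
    for ev in events:
        for inc in incidents:
            if inc["src"] == ev.get("src") and ev["ts"] - inc["start"] <= window:
                inc["events"].append(ev)
                break
        else:
            incidents.append({"src": ev.get("src"), "start": ev["ts"], "events": [ev]})
    for inc in incidents:
        inc["products"] = sorted({e["product"] for e in inc["events"]})
        inc["score"] = sum(weight(e) for e in inc["events"]) * len(inc["products"])
    return sorted(incidents, key=lambda i: i["score"], reverse=True)
```

Calling `correlate(RAW_EVENTS)` ranks the source seen by all three products first (score 21) and leaves the lone, policy-conformant firewall entry at zero.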

What other benefits have you experienced with cloud security intelligence? Leave a comment below.
