Page 6 - Cyber Warnings
The ability to review and save logs locally (for analysis, and for archiving in support of audits)
is in many cases a must-have for compliance reasons, even when certified versions of public
clouds are used.


Which brings us to another important point:


2. There are some elements of control that you will need to insist on for the public cloud
to still be a viable option for your company…

This is really a continuation of the point above, but one of the most important things when moving
to a public cloud setup is that your network managers have access to server logs and are able
to analyse them to confirm there is no suspicious activity going on. Even if you have rules in
place to control traffic between VMs, you need to be able to see what is actually going on. On
one level this is for compliance and reporting, but it also lets you save the logs and analyse
activity so that you can set a benchmark for what is “normal” activity and then spot early anything
that falls outside that “normal”.


3. You need to think differently about security in general

For both private and hybrid cloud networks, you can’t rely only on traditional lines of
defence. Technically, running AV and firewalls on VMs causes huge problems for VMs – read a
detailed explanation of this here – but how we track suspicious activity also has to change.

While many of the big AV companies maintain well-kept databases of virus signatures,
they very often update these at least daily (sometimes more than once a day). In a cloud
environment this can have significant implications for performance if your resources are being
taken up by frequent updates. The problem is that hackers aren’t resting on their laurels: they are
continuously creating new ways to attack companies’ data, so spotting the signatures becomes
more complex. You may even face intrusions that have no signature at all. The ability to prevent
these “unknown” attacks and spot suspicious network activity is very important, particularly
within a virtualized environment.

With networks growing and the number of different attack techniques growing exponentially, you
need antimalware defences that are not based solely on a set of rules, but instead on
pattern analysis. Fortunately, machine learning is increasingly coming into play in this arena,
and there are a number of other technologies coming onto the market that network managers
can turn to for help:

• Behavior analytics and machine-learning techniques
These can enable organisations to continuously analyze data for earlier identification of exploits
and breaches (both outside and inside threats). The technology enables organisations to rapidly
respond to those attacks even in the absence of existing malware/attack signatures.
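As an added example (not from the article or the magazine), the following Python script shows the approach that both point 2 (benchmarking “normal” activity from saved logs) and the behavior-analytics bullet describe: it builds a per-VM baseline of outbound connections per hour from a constructed flow log and then flags hours that fall outside that baseline, with no malware signature involved. The log format, the VM name vm-web-01, the dates and every IP address are constructed for the example and are not real traffic.

```python
"""Baseline-and-deviation check over VM flow logs (added example, not from the article)."""
from collections import defaultdict
from statistics import mean, pstdev


def _constructed_log():
    """Build a constructed flow log: "<ISO time> <vm> <dst_ip>", one line per connection.

    Days 07 and 08 are routine traffic used as the baseline; day 09 is the
    observation day and contains one hour (03:00) that looks nothing like the
    baseline. None of this is real data.
    """
    lines = []
    routine = [2, 3, 2, 4, 3, 2, 3, 3]  # routine connections per hour, cycled
    for day in (7, 8, 9):
        for hour in range(24):
            n = routine[(day + hour) % len(routine)]
            if day == 9 and hour == 3:
                n = 40  # the deviation we want to catch: a burst at 03:00
            for i in range(n):
                # the burst fans out to many destinations; routine hours reuse a few
                dst = f"10.0.3.{(i % 20) + 1}" if n > 10 else f"10.0.2.{(i % 4) + 1}"
                lines.append(f"2017-01-{day:02d}T{hour:02d}:{i % 60:02d}:00 vm-web-01 {dst}")
    return lines


def parse_line(line):
    """Return (date, hour, vm, dst_ip) from one constructed log line."""
    ts, vm, dst = line.split()
    date, clock = ts.split("T")
    return date, int(clock[:2]), vm, dst


def hourly_buckets(lines):
    """Group destination IPs by (vm, date, hour) so each bucket is one hour of one VM."""
    buckets = defaultdict(list)
    for line in lines:
        date, hour, vm, dst = parse_line(line)
        buckets[(vm, date, hour)].append(dst)
    return buckets


def build_baseline(buckets, baseline_dates):
    """Per-VM mean and population stdev of hourly connection counts over the baseline dates."""
    per_vm = defaultdict(list)
    for (vm, date, _hour), dsts in buckets.items():
        if date in baseline_dates:
            per_vm[vm].append(len(dsts))
    return {vm: (mean(v), pstdev(v)) for vm, v in per_vm.items()}


def find_deviations(buckets, baseline, observe_dates, k=3.0, min_delta=5):
    """Flag hours where a VM's connection count exceeds its baseline mean by more than
    k standard deviations. min_delta keeps a near-zero stdev from turning tiny
    changes into alerts. Returns (vm, date, hour, count, distinct_dsts, threshold)."""
    hits = []
    for (vm, date, hour), dsts in sorted(buckets.items()):
        if date not in observe_dates or vm not in baseline:
            continue
        mu, sigma = baseline[vm]
        threshold = mu + max(k * sigma, min_delta)
        if len(dsts) > threshold:
            hits.append((vm, date, hour, len(dsts), len(set(dsts)), threshold))
    return hits


def run_check():
    """Baseline on the two routine days, then inspect the observation day."""
    buckets = hourly_buckets(_constructed_log())
    baseline = build_baseline(buckets, {"2017-01-07", "2017-01-08"})
    return find_deviations(buckets, baseline, {"2017-01-09"})


if __name__ == "__main__":
    for vm, date, hour, n, distinct, thr in run_check():
        print(f"{date} {hour:02d}:00 {vm}: {n} connections to {distinct} hosts "
              f"(baseline threshold {thr:.2f})")
```

The baseline is deliberately simple (mean plus a multiple of the standard deviation per VM per hour), which is enough to show why the article calls for saved logs: without the two routine days there is nothing to compare the 03:00 burst against. In practice the baseline would be per VM and per time-of-day, refreshed as traffic patterns change, and the alert would carry the distinct-destination count as a second signal for fan-out behaviour.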



6 Cyber Warnings E-Magazine January 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide