Technical Cloud Security: Security visibility in the cloud
This is the seventh in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will discuss the importance of security visibility in the cloud. Other videos in the series can be found by searching for the tag cloudsectechvideos.
We’re at a pivotal point in the evolution of security monitoring. Whilst it’s now fairly commonplace for an enterprise to operate or outsource a 24×7 SOC (Security Operations Center) based around a SIEM (Security Information and Event Management) platform, many organizations are struggling to adapt these SOCs to a model that works for the New Style of IT. Hybrid cloud, big data, and the Internet of Things are all producing huge amounts of data and security alerts, and in many cases the traditional SIEM is unable to keep pace. In fact, HPE recently reported a year-over-year decline in overall security operations maturity in the 2016 State of Security Operations report, citing the transformation of IT alongside the increasing professionalization of the cybercriminal community as the main factors for the decline.
Traditional security monitoring platforms have always focused on the three Cs – Collect, Correlate, and Consolidate – so that a security analyst can quickly use the intelligence delivered by the SIEM to identify a threat vector and decide on a suitable response. However, whilst this works well for an on-premises model, where all security alerts coming into the SIEM platform originate locally, it’s often not a cloud-friendly approach. Take, for example, the adoption of a cloud-based SaaS offering for office productivity. In a traditional model, the application servers are internal and their security alerts are easily integrated into the SIEM platform. In a cloud model, all of the security intelligence lives somewhere in the cloud and is not always easily integrated into a local SIEM instance.
Via the fine folks at HP Enterprise.