Last week, I visited one of my friends who practices psychology. He was focused on a patient’s transcript, so out of curiosity, I asked him how psychologists diagnose and cure patients when they can be so different and confined in their own worlds. He said that interacting with the patient consistently to know about their past actions, thoughts and behavioral changes helps psychologists perform diagnoses. They then follow a combination of both conventional (such as counseling, medicines, treatments and so on) and unconventional ways in order to cure them.
The overall task in psychology is to perform brain reading, to know how a patient thinks. This made me wonder if something similar could be implemented in the cybersecurity arena, where our security products could be empowered with an intelligence to think like an attacker and stop all unauthorized actions before any threat arises. In short, could we use security intelligence to stay ahead of the threat?
Ever-advancing security threats
With evolving advanced persistent threats (APTs), cybersecurity issues are becoming more complex. Threats are most dangerous when they are easy to exploit. They expose loopholes at multiple levels of the worldwide cybersecurity ecosystem: in security products and hosted applications, in functionality that can be abused, in the level of user awareness, and so on.
What makes people hesitate to adopt the cloud is the question of its security controls and visibility. In an organization, there are different levels of security implemented with multiple vendors’ security products, including identity and access management, firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS), vulnerability scanners and so on, but unfortunately these products never communicate with each other about the incidents logged in their separate workspaces. Each product may record millions or billions of security events, most of which are resolved through conventional attack mitigation. Mining the critical-severity events out of billions of events recorded per day is a challenging task, similar to finding a needle in a haystack.
If a hosted application provides a free upload feature for media files, documents on a resume portal or other similar files, an attacker can upload a specially crafted file and inject arbitrary code or commands to be executed when the application starts processing the data. This may lead to a denial-of-service (DoS) attack that crashes the server. This can happen on both traditional and cloud-based deployments. In particular, a public cloud presents a larger attack window that can allow an attacker to circumvent conventional security, either through a legitimate user or service or through data traffic, and to perform several kinds of attacks on virtual systems and hosted applications.
Security benefits in the cloud
Security intelligence in the cloud is an automated process that performs security analytics: it brings together all events from multiple products and performs correlation, behavioral analysis and anomaly detection to identify attacks. This helps to transform the challenging factor of security control and visibility into a key feature that helps cloud service providers to be more efficient in dealing with threats. It implements the mechanism to correlate multiple kinds of events from different security devices and resolves the most critical-severity events according to the security policies of an organization.
Overall, security intelligence in the cloud helps in the following four ways:
1. Combines and gathers data from different cloud networks, which is then correlated and distributed across all cloud users and administrators. This is similar to a news channel gathering data from different communication sources and providing it to users with highly prioritized and detailed information, irrespective of geographical boundaries.
2. Reduces expenses incurred to perform and maintain security infrastructure and deployments for any organization in the cloud by providing security as a service.
3. Automates risk assessment and vulnerability management to minimize the window of manual tasks required to safeguard an organization’s assets.
4. Prioritizes security events through effective mining according to security policies over time, irrespective of how data types and volumes grow.
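As an added illustration of the cross-product correlation and policy-based prioritization described above (this is example code, not code from the original post), the toy correlator below normalizes constructed IDS, firewall and IAM events, groups them by source address and escalates a source when any single event meets its product's policy threshold or when several products independently report the same source. The event format, the per-product thresholds and the scoring rule are all assumptions made for the example.

```python
"""Toy event correlator: merges IDS, firewall and IAM events and ranks sources."""
from collections import defaultdict

# Constructed sample events from three separate products (not real logs).
RAW_EVENTS = [
    "ids|2024-05-01T10:00:01|src=203.0.113.7|sig=web_attack|sev=3",
    "fw|2024-05-01T10:00:05|src=203.0.113.7|action=deny|port=22|sev=1",
    "fw|2024-05-01T10:00:06|src=203.0.113.7|action=deny|port=23|sev=1",
    "iam|2024-05-01T10:00:09|src=203.0.113.7|user=admin|result=fail|sev=2",
    "fw|2024-05-01T10:01:00|src=198.51.100.4|action=allow|port=443|sev=0",
]

# Assumed organization policy: severity at which one product's event escalates.
POLICY = {"ids": 3, "fw": 2, "iam": 2}


def parse(line):
    """Normalize one product-specific line into a common dict."""
    product, ts, *fields = line.split("|")
    event = {"product": product, "ts": ts}
    for field in fields:
        key, value = field.split("=", 1)
        event[key] = value
    event["sev"] = int(event["sev"])
    return event


def correlate(lines):
    """Group normalized events from all products by source address."""
    groups = defaultdict(list)
    for event in map(parse, lines):
        groups[event["src"]].append(event)
    return groups


def prioritize(groups, policy=POLICY):
    """Score each source: sum of severities plus 2 per additional product.

    A source is escalated if any event meets its product's threshold or if
    two or more products saw it, even when each individual event is low.
    """
    ranked = []
    for src, events in groups.items():
        products = {e["product"] for e in events}
        score = sum(e["sev"] for e in events) + 2 * (len(products) - 1)
        single_hit = any(e["sev"] >= policy[e["product"]] for e in events)
        escalate = single_hit or len(products) >= 2
        ranked.append({"src": src, "score": score, "products": sorted(products), "escalate": escalate})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for entry in prioritize(correlate(RAW_EVENTS)):
        print(entry)
```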
What other benefits have you experienced with cloud security intelligence? Leave a comment below.