Typical hybrid cloud IT integration strategies have fundamental design flaws that CIOs and CISOs must address if they are to prevent another attack at the scale of SolarWinds. Those flaws are evident in existing approaches to integrating public and private clouds with legacy systems: endpoint security and privileged access management are applied inconsistently across these integrations, and both have proven pervasively and painfully weak.
The first two articles in this series explain how achieving hybrid cloud security is difficult and how the SolarWinds hack exposed the biggest weaknesses in hybrid clouds. This post presents an approach to solving today’s hybrid cloud security challenges.
Find security gaps with network maps
The best first step to improving hybrid cloud security is to get an accurate, real-time view of every public, private, and community cloud and its integrations into your legacy systems. The goal is to gain greater visibility and control across the entire network by continuously capturing data on network activity all the way to the endpoint. Applying machine learning algorithms and cyber terrain analysis to data uncovers hidden security gaps in data logs or points to openings where data is not captured at all.
Your network mapping strategy should focus on quantifying how data moves within and between hybrid platforms. Hidden in the terabytes of data generated by hybrid clouds are indicators of potential vulnerabilities and, in the worst case, anomalous activity indicating a breach attempt.
Comprehensive network maps down to the IP address level, combined with network activity data, can identify potential security gaps. A data-centric approach based on real-time monitoring of a hybrid cloud network identifies the most vulnerable systems, network connections, and endpoints.
Real-time network monitoring is also more effective than trying to unify the completely different monitoring approaches that each public cloud platform offers. Don’t believe the hype from cloud platform providers who claim to support visibility into third-party cloud platforms and to secure a hybrid cloud setup. It is best to adopt an unbiased and independent strategy when it comes to mapping the network of a hybrid cloud setup, ideally choosing a monitoring platform that also provides real-time data monitoring.
Look for these core areas of expertise when evaluating hybrid cloud mapping and security analysis platforms.
First, understand that, at a minimum, any cyber risk modeling platform needs to identify and isolate endpoint device vulnerabilities at the physical level. It is essential that a mapping platform supports this, because the telemetry data this generates is the basis for creating an accurate network map.
Second, network mapping platforms must identify whether each endpoint is up to date when it comes to patch management, where the endpoint sits in the hybrid cloud network configuration fabric, and what its potential vulnerabilities are, down to the level of operating system and endpoint security patches.
Third, an effective network mapping platform can trace each device to the IP address, providing contextual intelligence and location data.
Fourth, any network mapping platform must excel at visualization and provide deep graphical analysis to identify potential security anomalies and actual breach activity.
The following example of how RedSeal’s cyber risk modeling software works for hybrid cloud environments is helpful in understanding this. Cisco has standardized this approach to identify security gaps in its hybrid cloud strategies and optimize hybrid cloud network performance.
Machine learning identifies network vulnerabilities
Machine learning models are proving effective in identifying security gaps in hybrid cloud networks. This is accomplished by combining supervised and unsupervised algorithms to identify anomalies and create new predictive models based on the results. The value of having real-time monitoring data derived from network mapping begins to pay off when risk and threat correlation engines provide terrain mapping data and visualizations of a hybrid cloud network. Flaws, loopholes, overlooked security settings, and potential breach attempts are faster to find and remedy using machine learning visualization and analysis techniques.
The impact of machine learning on hybrid cloud network mapping and vulnerability assessment has led some to create threat reference libraries. These compare configurations using threat correlation engines. By capitalizing on insights from supervised machine learning models that continually learn based on real-time data monitoring, threat correlation engines prove accurate in identifying breach attempts and anomalous activity. For organizations pursuing a hybrid cloud infrastructure strategy to support new businesses and services, that’s good news.
Parallel to the development of correlation engines, there are risk engines that take advantage of data captured from monitoring the network in real time. Risk engines use advanced predictive analytics to calculate relative risk levels posed by unique combinations of hosts. By employing algorithms to navigate multiple scenarios involving random hosts, these risk engines identify the most critical vulnerabilities. From there, the risk scores define a prioritized list of vulnerabilities that need the immediate attention of security teams.
Cyber terrain analysis combines the results of the threat and risk correlation engines, continually refining them using real-time network monitoring data. Over time, the machine learning algorithms supported by the two engines adjust the terrain analysis to quantify how resilient a hybrid cloud network is while identifying vulnerabilities. The approach is proving effective in identifying threats in real time and taking action to thwart breach attempts in hybrid cloud configurations that would otherwise go unnoticed. Terrain analytics effectively models or simulates threat scenarios, providing invaluable data to organizations focused on hardening their hybrid cloud configurations.
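To make the risk engine idea concrete, here is an added toy example (not RedSeal’s, Cisco’s, or the article’s own code) that scores hosts in a constructed network map by combining patch status with exposure (hops from the internet) and blast radius (what the host can in turn reach), then emits the prioritized list the article describes. The hosts, zones, edges and weights are all constructed assumptions.

```python
from collections import deque

# Constructed sample network map: IP -> attributes (not real infrastructure)
HOSTS = {
    "203.0.113.10": {"zone": "public-cloud",  "unpatched": 2, "critical": False},
    "10.0.1.20":    {"zone": "private-cloud", "unpatched": 0, "critical": False},
    "10.0.2.30":    {"zone": "private-cloud", "unpatched": 3, "critical": False},
    "10.10.0.5":    {"zone": "legacy",        "unpatched": 1, "critical": True},
    "192.168.5.7":  {"zone": "legacy",        "unpatched": 4, "critical": False},
}
# Directed reachability as allowed by firewall/security-group rules (constructed);
# 192.168.5.7 is unpatched but has no inbound path, so it should not top the list.
EDGES = {
    "internet":     ["203.0.113.10"],
    "203.0.113.10": ["10.0.1.20", "10.0.2.30"],
    "10.0.1.20":    ["10.10.0.5"],
    "10.0.2.30":    ["10.10.0.5"],
    "10.10.0.5":    [],
    "192.168.5.7":  [],
}

def hops_from(source, edges):
    """BFS over the map: shortest hop count from `source` to every reachable node."""
    dist = {source: 0}
    q = deque([source])
    while q:
        n = q.popleft()
        for m in edges.get(n, []):
            if m not in dist:
                dist[m] = dist[n] + 1
                q.append(m)
    return dist

def risk_scores(hosts, edges):
    """Score = unpatched findings, weighted up the closer the host is to the
    internet and the more (and more critical) hosts it can reach downstream."""
    exposure = hops_from("internet", edges)
    scores = {}
    for ip, attrs in hosts.items():
        if attrs["unpatched"] == 0 or ip not in exposure:
            scores[ip] = 0.0          # fully patched or unreachable: no priority
            continue
        reach = [h for h in hops_from(ip, edges) if h != ip and h in hosts]
        crit_downstream = sum(1 for h in reach if hosts[h]["critical"])
        base = attrs["unpatched"] * (10.0 / exposure[ip])
        blast = 1 + len(reach) + 2 * crit_downstream
        scores[ip] = round(base * blast * (2 if attrs["critical"] else 1), 1)
    return scores

def prioritized(hosts, edges):
    """Vulnerability worklist for the security team, highest risk first."""
    return sorted(risk_scores(hosts, edges).items(), key=lambda kv: -kv[1])
```

Re-running `prioritized` after patching a host, or after removing an edge, is the simplest form of the what-if scenario modeling the terrain analysis paragraph refers to.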
Answers lurk in real-time data streams
The biggest security weaknesses of hybrid clouds have yet to be discovered, because hybrid clouds are mostly managed with security tools and techniques that are decades old, created for a time when business models were much simpler.
Today, we need a more data-centric security approach to hybrid cloud infrastructure, one that combines the best of what data governance can provide with the latest machine learning technologies to identify and act on vulnerabilities.
The answers on how to improve hybrid cloud security are hidden in the real-time data streams these platforms produce as they operate and interact with both valid internal users and bad actors trying to breach the system. Creating contextual intelligence, along with a real-time view of all hybrid cloud activity, is where you should start.