Why IT needs smarter cloud security
For IT and security professionals, the job of keeping the enterprise secure is becoming an ever more complex proposition. In addition to the fact that distributed working looks set to become a permanent feature, keeping up with a raft of emerging new technologies while dealing with the rising tide of cyber threats means there is a growing number of tasks to keep on top of.
With time and resources in short supply, gaining full visibility of data from across the entire security stack will be key to achieving better and more comprehensive threat detection. But maintaining robust policies and controls also depends on adopting technology that is able to adapt quickly and self-learn from user behaviors.
Why IT teams need a smarter approach to cloud security and threat management
The rise of remote working at scale has thrown up a new set of challenges when it comes to understanding network and cloud security architectures. Throw BYOD and fast evolving and fluid hybrid workforce models into the mix and it’s vital that security policies and procedures are able to automatically respond to the working realities of today’s enterprise, so users don’t get locked out if the location or device they are using changes.
With more users working from more places and accessing data that is itself in more places, managing endpoint security and web access is now a top priority. A modern security strategy depends on cloud access security broker (CASB) technology to detect risks such as compromised credentials or insider threats. Ultimately, when it comes to maintaining security, knowing where data is across the security stack and what users are doing with it is critical to ensuring threats can be responded to in a timely and consistent manner.
However, to elevate the security capabilities of the enterprise, IT and security teams now need to integrate all these insights and cloud activity data into a cloud-based analytics and automation platform. That platform lets them move beyond traditional security information and event management (SIEM) and take advantage of user and event behavioral analytics that make it possible to distinguish between what users normally do and anything out of the ordinary.
By ingesting cloud activity data into a modern SIEM platform, it becomes possible to apply automated analytics to data gleaned from across the entire security stack, from the firewall to the enterprise’s identity and access management (IAM) platform to endpoint activity. This enables the automated creation of smart timelines of every user’s activities, making it possible to flag risky behaviors and explore any correlation between their cloud activity and events in other security solutions to determine whether a remediation action is required. That action could be blocking access to a SaaS application, or prompting a user re-authentication via IAM to contain a potential incident.
By integrating CASB and SIEM security products, IT and security teams gain a much more granular view of their security ecosystem, one that now extends beyond traditional enterprise network boundaries to incorporate cloud activity data. This means that cloud services can be scrutinized as closely as on-premises solutions for consistent security monitoring and adherence to compliance regulations.
Using these insights, it now becomes possible to monitor cloud-access events and identify anomalous activities such as excessive downloads that could indicate compromised credentials, privileged account abuse or sensitive data loss. Machine-built incident timelines automatically bring together normal and abnormal behaviors for users and devices, so security analysts can quickly and efficiently analyze and respond to threats.
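An added example (not code from the article or from Bitglass) of the baseline-and-flag logic described above: it builds a per-user timeline from a constructed set of CASB-style download events and flags any day whose download volume exceeds that user's own historical baseline. The threshold parameters (`factor`, `min_history`, `min_bytes`) are assumptions; a production UEBA engine learns such limits from far more context.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of cloud-access events (timestamp, user, action, bytes).
# Not real telemetry; alice's day-5 entries simulate a bulk pull at 02:10.
EVENTS = [
    ("2024-05-01T09:12:00", "alice", "download", 1_500_000),
    ("2024-05-01T14:30:00", "alice", "download", 2_000_000),
    ("2024-05-02T10:05:00", "alice", "download", 1_800_000),
    ("2024-05-03T11:40:00", "alice", "download", 1_600_000),
    ("2024-05-04T08:55:00", "alice", "download", 1_700_000),
    ("2024-05-05T02:10:00", "alice", "download", 40_000_000),
    ("2024-05-05T02:11:00", "alice", "download", 35_000_000),
    ("2024-05-01T09:00:00", "bob", "download", 500_000),
    ("2024-05-02T09:00:00", "bob", "download", 600_000),
    ("2024-05-03T09:00:00", "bob", "login", 0),
    ("2024-05-04T09:00:00", "bob", "download", 550_000),
    ("2024-05-05T09:00:00", "bob", "download", 580_000),
]

def build_timelines(events):
    """Group events per user in time order (the 'smart timeline' idea)."""
    timelines = defaultdict(list)
    for ts, user, action, size in sorted(events):
        timelines[user].append((ts, action, size))
    return dict(timelines)

def daily_download_bytes(timeline):
    """Sum downloaded bytes per calendar day for one user's timeline."""
    per_day = defaultdict(int)
    for ts, action, size in timeline:
        if action == "download":
            per_day[ts[:10]] += size
    return dict(sorted(per_day.items()))

def flag_excessive_downloads(events, factor=3.0, min_history=3, min_bytes=5_000_000):
    """Flag days where a user's volume exceeds mean + factor * stdev of that
    user's earlier days (assumed thresholds). min_bytes is an absolute floor so a
    user whose history is tiny and flat is not flagged for a modest increase."""
    alerts = []
    for user, timeline in build_timelines(events).items():
        history = []
        for day, total in daily_download_bytes(timeline).items():
            if len(history) >= min_history:
                threshold = max(mean(history) + factor * pstdev(history), min_bytes)
                if total > threshold:
                    alerts.append((user, day, total, round(threshold)))
            history.append(total)
    return alerts

if __name__ == "__main__":
    for alert in flag_excessive_downloads(EVENTS):
        print("excessive download:", alert)
```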
Working smarter, faster
Integrating and automating the collection and correlation of security data from multiple sources, so as to gain granular visibility of what users are doing in every environment, benchmark what constitutes 'normal' behavior, and analyze events to identify new attack vectors, is only part of the story.
With resources stretched to the limit, analysts need to be able to leverage their integrated SIEM and CASB solutions to define and automate enforcement actions that free them up to focus on higher-level activities. For example, initiating basic preventative actions that stop every user from receiving a phishing email the moment it is detected and block the URL contained in the link. Automating protection against these types of known threats means analysts can focus their time and expertise on proactively evaluating the evolving tactics, techniques, and procedures that threat actors are using.
Rather than risking burnout by tasking junior analysts with tedious activities like reviewing the phishing inbox day in and day out, organizations can implement a long-term talent management strategy, empowering analysts to pursue a higher form of decision-making and growing the capabilities of their existing security teams.
Having the ability to automate threat detection and response to known or easy-to-recognize threats means analysts can instead be deployed to determine whether an event represents an incident or not, what to do next, and monitor how adversaries are changing their attack patterns.
Making security adaptive for the hybrid world of work
With recent research revealing that 82 percent of company leaders expect remote working arrangements to become a permanent fixture, adapting security to cope with the complexities of hybrid working without compromising the user experience represents a major challenge.
As the workforce becomes more fluid, effective security management now depends on being able to automate the collection of security data from multiple sources in real time, including cloud activity data, applying analytics to identify anything out of the ordinary, and automating a playbook of standardized responses to events that potentially represent a threat. It also depends on using machine learning to establish baselines of normal activity and intelligently detect anomalies, so individual users aren’t locked out the moment their working patterns evolve.
Anurag Kahol is Founder and CTO of Bitglass. Anurag expedites technology direction and architecture. Anurag was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University and a B.S. in computer science from the Motilal Nehru National Institute of Technology.