Grounded in the Cloud

Cloud Security 101: What are Monitor, Detect and Response?

ChrisSteffen

This is the seventh blog of a series that provides the basics of information security in the cloud. In this series, we will provide definitions and best practices for many of the elements that should be considered as part of a cloud security program. In addition to a blog, each topic will also have a short video, providing some additional information on the subject. The previous blog and video discussed the topic: "What is Identity Management?" In this installment, we will be discussing the topic: "What are Monitor, Detect and Response?"

In any computing environment – from large enterprise data centers to the computer closets of a small business – the IT professionals that maintain the environment need visibility into what is going on in it. With proper visibility, they can monitor the environment for anomalies, detect anomalies when they occur, and formulate a proper response to resolve them.

At the most basic level, there is nothing specifically different about event monitoring, detection and response in the cloud – the basic concept is the same for on-premises data centers as it is for cloud environments. However, the Security Information and Event Management (SIEM) tools used to accomplish the task may be different, and there are a few capabilities that should be considered when evaluating these tools for the cloud:

Data Aggregation: The SIEM tool must be able to collect information from all aspects of your hybrid environment: public cloud, private cloud and on-premises workloads.

Event / Data Correlation: The SIEM tool should unify events and information from multiple sources into a single, readable format.

Search Capabilities: The SIEM tool needs to be able to search millions of events quickly to determine and process any sort of anomaly.

Automated Analysis: The SIEM tool should find anomalies, send alerts (with severity) to appropriate parties and create reports for GRC teams and auditors.
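
The sketch below is an added example, not code from the original post or from HPE ArcSight. It walks the four capabilities above over constructed events: aggregation of an on-premises sshd feed and a cloud audit feed, unification into one format, field search, and an automated rule that raises an alert with a severity. The log lines, JSON field names, function names and thresholds are all assumptions made for illustration.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample feeds; the JSON field names are a hypothetical schema, not a real provider's.
SYSLOG = [
    "2017-06-01T10:00:01Z host1 sshd[811]: Failed password for admin from 203.0.113.7 port 4022 ssh2",
    "2017-06-01T10:00:05Z host1 sshd[811]: Failed password for admin from 203.0.113.7 port 4023 ssh2",
    "2017-06-01T10:00:09Z host1 sshd[811]: Failed password for admin from 203.0.113.7 port 4024 ssh2",
    "2017-06-01T10:03:00Z host1 sshd[902]: Failed password for bob from 198.51.100.9 port 5000 ssh2",
]
CLOUD_AUDIT = [
    '{"time": "2017-06-01T10:01:30Z", "result": "Success", "user": "admin", "sourceIp": "203.0.113.7"}',
    '{"time": "2017-06-01T10:05:00Z", "result": "Success", "user": "carol", "sourceIp": "192.0.2.44"}',
]
SSH_FAIL = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for (\S+) from (\S+) port")

def ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def aggregate(syslog_lines, audit_lines):
    """Aggregate both feeds and unify them into one event format, ordered by time."""
    events = []
    for line in syslog_lines:
        m = SSH_FAIL.match(line)
        if m:  # lines the parser does not recognise are skipped, not guessed at
            events.append({"time": ts(m.group(1)), "source": "onprem-ssh",
                           "user": m.group(2), "ip": m.group(3), "outcome": "failure"})
    for line in audit_lines:
        rec = json.loads(line)
        events.append({"time": ts(rec["time"]), "source": "cloud-audit", "user": rec["user"],
                       "ip": rec["sourceIp"], "outcome": rec["result"].lower()})
    return sorted(events, key=lambda e: e["time"])

def search(events, **criteria):
    """Search: filter unified events on any normalized field."""
    return [e for e in events if all(e[k] == v for k, v in criteria.items())]

def analyze(events, threshold=3, window=timedelta(minutes=5)):
    """Automated analysis: repeated failures followed by a success from the same IP."""
    alerts = []
    for ok in search(events, outcome="success"):
        fails = [e for e in search(events, outcome="failure", ip=ok["ip"])
                 if timedelta(0) <= ok["time"] - e["time"] <= window]
        if len(fails) >= threshold:
            cross = any(f["source"] != ok["source"] for f in fails)  # spans both feeds
            alerts.append({"severity": "high" if cross else "medium", "ip": ok["ip"],
                           "user": ok["user"], "failures": len(fails)})
    return alerts
```

Neither feed raises the alert on its own: the failures exist only in the on-premises log and the successful login only in the cloud log, which is why aggregation has to come before analysis.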

Event detection and response is a critical consideration when selecting the SIEM tools that will manage a cloud infrastructure solution. Understanding how SIEM integrates into a company’s overall security vision is a critical component of any cloud infrastructure decision. Regardless of the vendor an enterprise chooses as its cloud provider, understanding how event monitoring, detection and response to threats in the environment will be implemented and managed as part of the cloud solution will ensure that security considerations are appropriately addressed.

HPE has a great event management and response SIEM tool called HPE ArcSight that addresses all of the considerations discussed above.  You can find more information about ArcSight here.

For the next blog in this series, we will discuss the cloud security topic: "What is Data Protection?" To learn more about hybrid cloud security, download the whitepaper from 451 Research Group. You can also learn more about the HPE Right Mix hybrid cloud, as well as the Right Mix approach to cloud security. To find the additional parts, please search for Cloud Security 101.

About the Author

ChrisSteffen

Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.
