Grounded in the Cloud

Technical Cloud Security: Security visibility in the cloud

SimonLeech on ‎01-10-2017 07:02 AM

This is the seventh in a series of videos and blogs looking at some technical aspects of hybrid cloud security. Today we will discuss the importance of security visibility in the cloud. Other videos in the series can be found by searching for the tag cloudsectechvideos.

We’re at a pivotal point in the evolution of security monitoring. Whilst it’s now fairly commonplace for an enterprise to operate or outsource a 24x7 SOC (Security Operations Center) based around a SIEM (Security Information and Event Management) platform, many organizations are facing challenges in adapting these SOCs to a model that works for the New Style of IT: hybrid cloud, big data, and the Internet of Things are all producing huge amounts of data and security alerts, and in many cases the traditional SIEM is unable to keep pace. In fact, HPE recently reported a year-over-year decline in overall security operations maturity in the 2016 State of Security Operations report, citing the transformation of IT alongside the increasing professionalization of the cybercriminal community as the main factors for the decline.

Traditional security monitoring platforms have always focused on the three Cs (Collect, Correlate, and Consolidate) so that a security analyst can quickly use the intelligence delivered by the SIEM to identify a threat vector and decide on a suitable response. However, whilst this works well for an on-premises model, where all security alerts coming into the SIEM platform originate locally, it’s often not a cloud-friendly approach. Take, for example, the adoption of a cloud-based SaaS offering for office productivity. In a traditional model, the application servers are internal and security alerts are easily integrated into the SIEM platform; in a cloud model, all of the security intelligence lives somewhere in the cloud and is not always easily integrated into a local SIEM instance.

Today, when evaluating cloud service providers (CSPs), it’s important to understand the CSP’s approach to information sharing, as well as the SIEM platform’s capabilities: is the CSP prepared to deliver security alerts to your on-premises SOC, and is the SIEM mature enough to offer an API to consume that data?
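To make the integration step concrete, here is an added example (not from the original post or from HPE) that normalizes a SaaS provider's JSON alert into CEF, the Common Event Format that ArcSight ingests. The alert schema, the vendor and product names, and the severity mapping are assumptions made for illustration; the escaping stops provider-supplied text from forging extra fields in the SIEM record.

```python
import json

# Constructed sample alert; the JSON field names are assumptions, not a real CSP schema.
SAMPLE_ALERT = json.loads(r'''{
  "id": "evt-0001", "type": "login.failed",
  "title": "Failed sign-in | repeated", "severity": "high",
  "time_ms": 1484031720000, "actor": "alice@example.com",
  "source_ip": "203.0.113.7",
  "detail": "user_agent=curl/7.50\nattempts=12"
}''')

# Assumed mapping from the provider's labels to CEF's 0-10 severity scale.
SEVERITY = {"low": 3, "medium": 5, "high": 8, "critical": 10}

def _hdr(value):
    # CEF header fields: escape the backslash first, then the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _ext(value):
    # CEF extension values: escape backslash and '=', and encode line breaks,
    # so untrusted text cannot start a new key=value pair or a new log line.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")

def alert_to_cef(alert, vendor="ExampleSaaS", product="OfficeSuite", version="1.0"):
    """Build one CEF:0 line from a cloud alert dict (hypothetical schema)."""
    header = "|".join([
        "CEF:0", _hdr(vendor), _hdr(product), _hdr(version),
        _hdr(alert["type"]), _hdr(alert["title"]),
        str(SEVERITY.get(alert.get("severity"), 5)),
    ])
    ext = {
        "externalId": alert["id"],
        "rt": alert["time_ms"],            # receipt time, epoch milliseconds
        "suser": alert.get("actor", ""),
        "src": alert.get("source_ip", ""),
        "msg": alert.get("detail", ""),
    }
    extension = " ".join(f"{k}={_ext(v)}" for k, v in ext.items() if v != "")
    return f"{header}|{extension}"

if __name__ == "__main__":
    print(alert_to_cef(SAMPLE_ALERT))
```
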

The video below discusses the role of security visibility in the cloud in more detail, and highlights the benefits of the HPE ArcSight platform in this context.

 

 

To learn more about hybrid cloud security, download the whitepaper from 451 Research Group or the Dummies Guide to Hybrid Cloud Security, HPE Edition. The 2016 HPE State of Security Operations report can be downloaded here. You can also learn more about the HPE approach to Hybrid Cloud Security on our website. Other videos in the series can be found by searching for the tag cloudsectechvideos.

About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and Chief Technologist Security within the Hewlett Packard Enterprise EMEA Hybrid IT Team. Within Hewlett Packard Enterprise, Mr Leech is responsible for influencing and evangelising the security strategy of the Hybrid IT team. Simon is active on Twitter as @DigitalHeMan.
