Grounded in the Cloud
Threat Detection and Response in a Hybrid Cloud (Fifth in a Series)

ChrisSteffen

In my previous blog, I discussed the second of five key security capabilities, dynamic infrastructure hardening, as part of Hewlett Packard Enterprise (HPE) Helion’s three guiding principles for hybrid cloud security—shaping security standards, a shared responsibility model, and defense in depth. The five key security capabilities for protecting your hybrid cloud are—data-centric security; dynamic infrastructure hardening; monitor, detect and respond; continuous regulatory compliance; and shared access management. In this blog, I will share information on the third of these key security capabilities—monitoring, detecting and responding.


Cyberattacks are growing exponentially and are increasingly sophisticated, frequent and damaging—and the bad guys are getting smarter. The criminal marketplace has advanced beyond basic capabilities and is innovating and changing tactics every day. Attackers are highly motivated to gain access to information for profit, politics and corporate espionage. According to a recent article in InfoWorld, there are even websites selling subscriptions and support, offering malware-as-a-service, which allows virtually anyone with little to no skill to potentially breach even sophisticated IT security environments.

Without proper controls or tools, a typical data breach takes 24 days to detect and 46 days to address. That amount of time is unacceptable for today’s agile businesses. Having a quick response time to a security breach is paramount. By implementing capabilities that allow you to proactively monitor, detect and respond to security threats, you can remediate any security challenge faster. First, a quick response requires collecting and centralizing logs from the entire hybrid IT environment—private cloud, public cloud and traditional IT deployments. Next, analysis, reporting and alerting on the centralized data needs to be automated for IT operations, IT security and IT governance, risk and compliance (GRC) teams. This centralized data also needs to be archived and available for future use to correlate and troubleshoot attacks. Finally, maintaining audit trails captured from security events gives the GRC teams the supporting information needed for governance and compliance policy. All of these functions are required to adequately, and quickly, respond to today’s threats to a hybrid cloud environment. Having the right tools and procedures in place allows for fast detection and remediation of data breaches within hours—across your entire hybrid infrastructure.

Hewlett Packard Enterprise’s industry-leading security information and event management tools unify data logs from multiple sources into a single format. While unifying data logs is an essential step to detecting intrusions, it creates a “big data” resource that requires special tools for analysis. HPE ArcSight is an integrated big data security solution that collects, normalizes and correlates data, enabling administrators to search through millions of events in seconds to detect anomalies quickly and respond to threats across your entire hybrid IT environment. Years of unified data can be retained, archived and compressed, which provides a database of information that can be used for future security forensics and auditing needs. With HPE security tools, we can help enterprises respond to breaches in 4 hours, which otherwise would take 24 days. Full text searching can be performed in 10 minutes compared to 8 hours using prior tools.
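The two paragraphs above describe a pipeline: collect logs from traditional IT, private cloud and public cloud; normalize them into one schema; correlate across sources to raise an alert; and archive the unified records for later forensics. The following Python is an added example of that pipeline written for this post; it is not HPE or ArcSight code. The log formats, hostnames, IP addresses and the year assumed for the syslog lines are all constructed for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records from three environments (not real logs).
# Syslog lines carry no year, so one is assumed (labelled assumption).
ASSUMED_YEAR = 2017
RAW_EVENTS = [
    ("traditional-it", "Mar 12 10:00:01 vm-01 sshd[2231]: Failed password for admin from 203.0.113.7 port 51022 ssh2"),
    ("traditional-it", "Mar 12 10:00:04 vm-01 sshd[2231]: Failed password for admin from 203.0.113.7 port 51030 ssh2"),
    ("public-cloud", '{"eventTime": "2017-03-12T10:00:09Z", "eventName": "ConsoleLogin", "userName": "admin", "sourceIPAddress": "203.0.113.7", "outcome": "Failure"}'),
    ("private-cloud", '{"eventTime": "2017-03-12T10:00:15Z", "eventName": "Authenticate", "userName": "admin", "sourceIPAddress": "203.0.113.7", "outcome": "Failure"}'),
    ("traditional-it", "Mar 12 10:02:40 vm-02 sshd[4410]: Accepted publickey for deploy from 198.51.100.5 port 40022 ssh2"),
    ("public-cloud", '{"eventTime": "2017-03-12T11:30:00Z", "eventName": "ConsoleLogin", "userName": "alice", "sourceIPAddress": "198.51.100.9", "outcome": "Failure"}'),
]

# Hypothetical sshd syslog shape used by the constructed sample above.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<ip>\S+)"
)


def normalize(source, raw):
    """Map one raw record into a common schema; return None if it cannot be parsed."""
    if raw.startswith("{"):
        rec = json.loads(raw)
        ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"ts": ts, "source": source, "user": rec["userName"], "src_ip": rec["sourceIPAddress"],
                "outcome": "failure" if rec["outcome"] == "Failure" else "success"}
    m = SYSLOG_RE.match(raw)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": source, "user": m["user"], "src_ip": m["ip"],
            "outcome": "failure" if m["result"] == "Failed" else "success"}


def correlate(events, window=timedelta(minutes=10), threshold=3):
    """Alert on a source IP with >= threshold failed logins across >= 2 environments inside the window."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["outcome"] == "failure":
            by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, fails in by_ip.items():
        for i, first in enumerate(fails):
            in_window = [f for f in fails[i:] if f["ts"] - first["ts"] <= window]
            envs = {f["source"] for f in in_window}
            if len(in_window) >= threshold and len(envs) >= 2:
                alerts.append({"src_ip": ip, "count": len(in_window), "environments": sorted(envs),
                               "first_seen": first["ts"], "last_seen": in_window[-1]["ts"]})
                break  # one alert per IP is enough for this illustration
    return alerts


def archive_records(events):
    """Serialise normalized events as JSON lines, the retained form later forensic searches run over."""
    return "\n".join(json.dumps({**e, "ts": e["ts"].isoformat()}, sort_keys=True) for e in events)


def run_pipeline(raw_events=RAW_EVENTS):
    """Collect -> normalize -> correlate; returns (normalized events, alerts)."""
    normalized = [n for n in (normalize(src, raw) for src, raw in raw_events) if n]
    return normalized, correlate(normalized)


if __name__ == "__main__":
    events, alerts = run_pipeline()
    for a in alerts:
        print(f"ALERT {a['src_ip']}: {a['count']} failures across {a['environments']} "
              f"between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}")
    print(archive_records(events))
```

The point of the common schema is that the correlation rule never has to know whether a failure came from sshd on a virtual machine or from a cloud console: once `src_ip`, `user`, `outcome` and a UTC timestamp are present, the same rule runs over the whole hybrid estate, and the archived JSON lines give the GRC team the audit trail the post calls for.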

As one of the five key security capabilities, monitoring, detecting and responding provides a critical element in delivering the right mix of security for a secure hybrid cloud environment. HPE ArcSight enables a full hybrid cloud monitoring, detection and response capability for security threats that delivers a response time in minutes instead of days.

For the next blog in this series, I will discuss the fourth of the five key security capabilities: continuous regulatory compliance. To learn more about hybrid cloud security, download this whitepaper from 451 Research Group.

This is the fifth article of the series. To find the additional parts, please search for HPE Hybrid Cloud Security.

About the Author

ChrisSteffen

Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.
