Cloud Ready Threat Detection & Response

Organizations are leveraging third-party cloud environments for increasingly critical data, applications, and infrastructure. The agility and potential cost savings that both public and private (virtual) clouds offer mean that the business can be more efficient and gain operational and financial advantages. While some organizations, depending on their vertical and risk appetite, may move more slowly than others, the pace of the continued movement to the cloud is undeniable. In fact, IDC predicts that cloud IT infrastructure spending will amount to 46% of total expenditures for enterprise IT infrastructure by 2019. No one is doing “nothing” when it comes to deploying modern infrastructure in today’s rapidly evolving landscape.

There is, however, a downside to the advantages that these modern infrastructure options provide. Enterprises can’t always monitor the management and activity of data in public cloud environments the way they can within their own physical data centers. They no longer have a perimeter on which to place preventative controls to keep the bad guys out (as if that ever worked, anyway). They lack visibility into who has access to what, what data is where, and other potential vulnerabilities. In addition, expanded use of virtualization may create additional blind spots. Are alerts and other data pertaining to virtualized network traffic being collected? Is there visibility of every newly spun-up virtual machine? Has endpoint visibility accounted for all hypervisors and clusters? Many organizations do not know. Attackers are smart and realize that organizations are vulnerable and blind to much of what occurs within these infrastructures.

Organizations must have threat detection and response capabilities that are infrastructure agnostic. They need the ability to ingest multiple types of disparate data (logs, packets, NetFlow, and deep endpoint data) from virtual machines, on-premises infrastructure, and third-party cloud providers. Without this pervasive visibility, attackers have the opportunity to play in the blind spots they assume exist, knowing that so many organizations don’t have a platform that treats modern infrastructure the same as on-premises infrastructure.

When it comes to the RSA NetWitness Suite and being “cloud ready,” we are really talking about two things. First, the ability to see everything, no matter where the data resides: on premises, in private clouds, on virtual machines, or in the public cloud. There should be no gap in visibility between an organization’s on-premises infrastructure and its virtual and third-party cloud deployments. Second, the ability to run anywhere, meaning the capability to deploy RSA NWS components on any type of infrastructure an organization desires: on premises, virtually, in public clouds, or in a combination of these.

We have a lot to say on the topic of RSA NetWitness Suite being cloud ready. Keep your ears and eyes open for some exciting things coming soon.

Want to learn more about the RSA NetWitness Suite? Check out the RSA Link Community.
