Threat Detection for your Multi-Cloud Environment
By Dan Ramaswami, VP Field Engineering
We’re at a tipping point with respect to how we think about the cloud and security. Now, 89% of organizations report having a multi-cloud strategy, and 80% are using both public and private clouds. What’s more, every executive I speak with has business-critical operations running in the cloud. The way organizations use the cloud is quickly reaching parity with classic on-premises environments, yet our ability to protect those operations is not.
More than 70% of security leaders are extremely or very concerned about their ability to secure their cloud systems. Why? Those virtual networks that exist in the cloud are part of an organization’s overall network estate. But a lack of visibility into traffic moving within as well as between clouds and to and from on-prem infrastructure is creating huge blind spots from a threat detection standpoint. Keeping each one of those areas siloed and only looking at traffic within that area or compartmentalized view makes it incredibly difficult—if not impossible—to detect and stop attacks. Unless we think of the cloud as an extension of our on-prem environment and have complete network visibility across the entire enterprise footprint, we are destined for failure when it comes to protecting the entire organization.
On-premises, we have tools that provide visibility and control, so we can protect our crown-jewel critical servers, which reside in a well-defined and secured data center, from the distribution network. As we embrace cloud-first and cloud-native, we need to think in the same construct across all the clouds we rely on. Additionally, it’s likely that each cloud has been subdivided into different enclaves with varying degrees of criticality, so the challenge becomes treating these multiple enclaves in multiple clouds in the same light as the rest of our infrastructure and securing them accordingly.
But all clouds are not created equal and few standards exist for the type of data and level of visibility cloud providers offer, which adds complexity. Everywhere we add complexity—within the network and the capabilities to defend it—we add opacity and gaps. Attackers take advantage of each gap to wage attacks that are difficult to detect before damage can be done. Herein lies the challenge. How do we detect threats across these networks that are fractured and atomized across every nook and cranny, through the same lens, and with the same level of scrutiny as we would an on-prem network that we fully control? We need to approach security in the classic sense, but with tooling that addresses complexity to provide complete visibility across the Atomized Network for real-time and retrospective attack detection.
At Netography, we’re solving the challenge by providing a composite view of all a customer’s cloud traffic at once, alongside visibility into on-prem and legacy infrastructure, to deliver comprehensive network visibility. We do this by using metadata in the form of flow data that is available across multi-cloud, on-premises, and hybrid environments. We pull cloud flow logs from all the major cloud providers and, since no cloud flow log standards exist, we aggregate and normalize that disparate data to make it usable. We apply the same context to all that metadata and enrich it with intelligence to accelerate analysis. Through a single portal, customers not only gain visibility into traffic within a specific cloud provider, but also visibility into cross-cloud traffic and back to on-prem. Eliminating the blind spots makes it possible to identify dependencies, understand what is happening across the environment, and reduce the time to detect threats that traverse the Atomized Network.
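As an added illustration of the normalization step described above (this is not Netography's code), the snippet below maps two provider-specific flow-log formats, the default AWS VPC Flow Log version-2 field order and the Azure NSG flow-log tuple, onto one common record and then flags flows that cross between environments. The sample records and the CIDR-to-site mapping are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    """Provider-neutral flow record: the common schema both parsers emit."""
    src: str
    dst: str
    dport: int
    proto: str    # "tcp", "udp", or the raw protocol number as a string
    action: str   # "ACCEPT" or "REJECT"
    origin: str   # which provider log the record came from

# Constructed sample records, not real telemetry.
# AWS default v2 fields: version account-id interface-id srcaddr dstaddr
#   srcport dstport protocol packets bytes start end action log-status
AWS_LINE = ("2 123456789012 eni-0a1b2c3d4e5f67890 10.1.0.5 10.2.0.9 "
            "50321 443 6 12 3400 1700000000 1700000060 ACCEPT OK")
# Azure NSG v2 tuple: time,src,dst,sport,dport,proto(T/U),dir(I/O),
#   decision(A/D),state(B/C/E),pkts s>d,bytes s>d,pkts d>s,bytes d>s
AZURE_TUPLE = "1700000030,10.2.0.9,192.168.10.20,48201,3389,T,O,A,B,5,620,4,380"

PROTO_NUMS = {"6": "tcp", "17": "udp"}

def parse_aws_v2(line: str) -> Flow:
    f = line.split()
    return Flow(f[3], f[4], int(f[6]), PROTO_NUMS.get(f[7], f[7]), f[12], "aws")

def parse_azure_nsg(tup: str) -> Flow:
    f = tup.split(",")
    proto = {"T": "tcp", "U": "udp"}[f[5]]
    action = {"A": "ACCEPT", "D": "REJECT"}[f[7]]
    return Flow(f[1], f[2], int(f[4]), proto, action, "azure")

# Constructed mapping of address space to environment (assumption for the example).
SITES = {
    "aws-prod": ip_network("10.1.0.0/16"),
    "azure-prod": ip_network("10.2.0.0/16"),
    "onprem-dc": ip_network("192.168.0.0/16"),
}

def site_of(addr: str) -> str:
    a = ip_address(addr)
    return next((name for name, net in SITES.items() if a in net), "external")

def cross_environment(flows):
    """Flows whose endpoints sit in different environments: the traffic that a
    single-cloud view never shows."""
    return [(site_of(f.src), site_of(f.dst), f)
            for f in flows if site_of(f.src) != site_of(f.dst)]
```

Once every provider's records share the `Flow` shape, the same detection logic (here, `cross_environment`) runs unchanged over AWS, Azure and on-prem data.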
When we treat the cloud as an extension of our on-premises environment and apply the same construct for threat detection, the SecOps team has visibility across the entire kingdom at once. Protection of on-prem and multi-cloud environments is at parity without adding complexity. And we can secure our Atomized Networks.