Overcoming Enterprise Security Challenges with Continuous Monitoring in the Cloud
By Sumedh Thakar, Chief Product Officer, Qualys
Across industries, organizations are realizing that traditional security methods no longer stack up against today’s constantly evolving cyber threats. In addition, these tools often limit an organization’s ability to scale. With the proliferation of devices and the shift to the cloud, an organization’s infrastructure has become increasingly heterogeneous, requiring security managers to secure not only the physical data center, but also virtual and remote data centers. All of this adds a new layer of complexity to the security stack.
Also adding to the complexity of security in today’s enterprise is the trend toward globalization. Employees and devices are spread across offices and countries, making it difficult to track what information may be going in and out of an organization. Global offices not only increase the number of devices within an organization, but also the number of endpoints.
Tracking the Moving Endpoint
Endpoints have always been difficult to secure, even before the cloud and BYOD, because of their mobility. People can essentially add an endpoint wherever they want – whether inside an organization’s network via a new device, or outside of it, for example by connecting to public Wi-Fi. Additionally, endpoints are no longer limited to desktop computers, but include printers, laptops, tablets and mobile devices – and now even watches and other connected wearables. Unless your organization’s security solution can monitor each of these endpoints at all times, it is extremely easy to overlook one.
On the topic of mobility, the devices that employees use, especially those used remotely, may not connect to the company network frequently – sometimes not for days or weeks at a time. Standard enterprise solutions are often not installed to continuously monitor activity on these devices while they are outside the company network, and are therefore unable to identify whether a device or application may be vulnerable to attack.
Making the Case for Cloud
The shift to the cloud is increasing the importance of continuous security measures, as companies must be able to respond quickly to security threats. Reasons for continuous security include new avenues of attack, such as flaws in applications hosted in the cloud.
Overall, the only way to effectively secure your organization is through a cloud-oriented architecture that can constantly monitor and collect information on each of your environments. But before beginning your journey to continuous security, you must first understand how to overcome your organization’s security challenges.
Employing Asset Tagging
One of the biggest security challenges that most enterprises deal with is asset discovery. How can you secure something if you don’t know it exists? Unfortunately, there is no single tool in today’s marketplace that can provide you with a complete picture of your assets. However, keeping an accurate and up-to-date inventory of IT assets through asset tagging is a critical step in maintaining secure environments. If you continuously monitor what is coming in and out of your organization through automated inventory categorization and management, it becomes much easier to maintain a secure environment.
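As an added illustration of the asset-tagging approach described here, and of the mobile endpoints discussed earlier that may not check in for days or weeks, the following example (not Qualys code) merges inventory records from several hypothetical sources into one tagged asset per host and flags hosts that are stale or seen by only one source. The record layout, source names, tag scheme and 14-day threshold are all assumptions; the records are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample records from three hypothetical discovery sources:
# a network scanner, a cloud provider API and an endpoint agent. Not real data.
RECORDS = [
    {"host": "db01", "source": "scanner", "env": "datacenter", "last_seen": "2024-05-01"},
    {"host": "web-a", "source": "cloud", "env": "aws", "last_seen": "2024-05-09"},
    {"host": "web-a", "source": "scanner", "env": "aws", "last_seen": "2024-05-08"},
    {"host": "lt-jane", "source": "agent", "env": "remote", "last_seen": "2024-04-10"},
    {"host": "print3", "source": "scanner", "env": "datacenter", "last_seen": "2024-05-09"},
]

AS_OF = datetime(2024, 5, 10)        # assumed "current" date for the sample data
STALE_AFTER = timedelta(days=14)     # assumed threshold for a roaming endpoint


def build_inventory(records, now=AS_OF):
    """Merge per-source records into one asset per host and tag each asset.

    Tag scheme (assumed): env:<environment>, source:<each reporting source>,
    'stale' when no source has seen the host within STALE_AFTER, and
    'unconfirmed' when only one source reports it, so discovery needs checking.
    """
    assets = {}
    for r in records:
        a = assets.setdefault(r["host"], {"sources": set(), "env": r["env"], "last_seen": None})
        a["sources"].add(r["source"])
        seen = datetime.strptime(r["last_seen"], "%Y-%m-%d")
        if a["last_seen"] is None or seen > a["last_seen"]:
            a["last_seen"] = seen          # keep the most recent sighting
    for a in assets.values():
        tags = {f"env:{a['env']}"} | {f"source:{s}" for s in sorted(a["sources"])}
        if now - a["last_seen"] > STALE_AFTER:
            tags.add("stale")
        if len(a["sources"]) == 1:
            tags.add("unconfirmed")
        a["tags"] = tags
    return assets


def needs_attention(assets):
    """Hosts a security manager should review first: stale or single-source."""
    return sorted(h for h, a in assets.items() if a["tags"] & {"stale", "unconfirmed"})


if __name__ == "__main__":
    inventory = build_inventory(RECORDS)
    for host in needs_attention(inventory):
        print(host, sorted(inventory[host]["tags"]))
```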
Implementing a Vulnerability Management Solution
Gaining visibility into an organization’s network is not easy, especially with the rapid adoption of virtual networks and remote offices. Most devices in an organization connect to the Internet with no visibility into what information is leaving or entering the network. A continuous monitoring solution not only allows you to accurately assess your organization’s perimeter, but also offers much-needed visibility into the data traversing the network through automated vulnerability scanning.
Automated Scanning for Web Application Vulnerabilities
Web application vulnerabilities, when not patched or mitigated, continue to pose significant risk to enterprise apps and data. In fact, web application vulnerabilities are now the most prevalent at more than 55 percent of all server vulnerability disclosures.
Vulnerabilities in web applications may take any of roughly two dozen forms. Many attacks use fault injection, which exploits weaknesses in a web application's handling of syntax and semantics; SQL injection and cross-site scripting are common examples. The outcome often gives an attacker control over the application and easy access to the server, database and other back-end IT resources.
Web application vulnerabilities are often outside the traditional expertise of network managers. Their built-in obscurity helps evade traditional network defenses — unless an organization takes deliberate countermeasures. Unfortunately, there is no "silver bullet" for detection. However, many prevalent web application vulnerabilities can be detected with an automated scanner, which enables organizations to assess, track and remediate these types of vulnerabilities.
As stated previously, endpoints have always been a challenge for the enterprise because of their mobility and reach. With today’s mobile endpoints, it is difficult to see what gets downloaded, which processes are running, and which ports they may have opened.
The truth is, once an endpoint is infected, it can take days or even months to actually discover the infection – unless a continuous monitoring approach is in place. One tool to consider is an analysis tool that can monitor any traffic going to and from a web server on the public Internet.
The Case for Continuous Security
Ultimately, an organization must be able to protect itself against all different attack vectors – whether it’s a result of a global campaign where the attackers don’t necessarily care what they are going after, or a more targeted attack where the hackers are after specific information or data.
A successful security program includes patch management and continuous monitoring, and has the ability to collect intelligence by observing any changes taking place within the organization’s infrastructure. A cloud-oriented architecture provides each of these capabilities and enables enterprises to continuously secure their most valuable assets.