1. You need to think differently
It may sound obvious, but the cloud is different from a physical data centre. When IT departments were focused on managing physical servers and workstations connected via physical networks, securing those networks was relatively straightforward: protect the endpoint by installing antivirus (AV), firewalls, intrusion detection software, etc. The cloud has changed that. Now, instead of having 100 physical machines communicating with the outside world via defined network structures, you have maybe 10 physical machines each hosting 10 virtual machines (VMs), often communicating with each other inside the physical servers. While this means less physical hardware, controlling how the individual virtual machines communicate is far more complex. With this type of architecture, traditional endpoint security is rendered ineffective. If you were to install AV on each VM and run scans simultaneously, you would produce a massive CPU load that would degrade the server's performance to an unacceptable level. Meanwhile, malware can easily bypass the physical firewalls if VMs are communicating with each other within a physical server.
2. You need to find new ways to track viruses
For both private and hybrid cloud networks, you can't rely solely on AV signature databases or on attack signatures through systems like Snort. While many of the big AV companies maintain well-curated databases of virus signatures, they update these at least daily (sometimes more than once). In a cloud environment, this can have significant implications for performance if your resources are being taken up with frequent updates. The problem is, hackers aren't resting on their laurels; they are continuously creating new ways to attack companies' data, so spotting the signatures becomes more complex. You may even have intrusions that have no signature at all. The ability to prevent these "unknown" attacks and spot suspicious network activity is very important, particularly within a virtualized environment.
3. Public cloud means you have less control
Security in the public cloud is further complicated by the fact that you don't have full access to the VMs. While public cloud providers like Azure or AWS offer organizations a wide range of benefits, including reduced costs, the VMs a company is using could be on a server that sits inside the vendor's data centres anywhere in the world. It's also worth bearing in mind that you don't have superadmin rights to your VMs in this environment.
So, how do you overcome these challenges?
These issues aren't insurmountable, but they do require different technologies and a change in attitude and understanding on the part of those managing the networks. For example, with firewalls, you need to be able to isolate the VMs from one another. One answer here is an agentless solution that sits inside the virtual switch, the low-level piece of software that controls traffic between VMs, and between VMs and the outside network. Similarly, for AV, host-based (hypervisor-level) solutions let admins maximise performance. Additional functionality, such as change-block tracking, which lets the scanner examine only the disk blocks written since the last scan, increases the speed of scans and therefore the frequency at which they can be run. In both cases, with nothing actually running inside the VM, you have the added benefit that hackers who compromise a guest can't disable the protection or hardware from the inside. When it comes to effectively tracking new types of attack, there are a number of other additional technologies coming onto the market that network managers can turn to for help:
- Behavior analytics and machine-learning techniques
- Multiple advanced pattern analysis and machine learning-based malware prevention
- User and entity behavioral analytics (UEBA)
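To make the change-block-tracking idea above concrete, here is an added illustration (not the author's or any vendor's code): a toy virtual disk whose hypervisor-side bitmap records which blocks the guest wrote, so the out-of-guest scanner re-hashes only those blocks against a constructed signature. The 16-byte block size, the `MARKER` signature and the `VirtualDisk` class are assumptions made for the example.

```python
import hashlib

BLOCK_SIZE = 16  # assumed tiny block size so the constructed disk stays readable

# Constructed stand-in for an AV signature: the hash of one known-bad block.
MARKER = b"TEST-MARKER-X"
SIGNATURES = {hashlib.sha256(MARKER.ljust(BLOCK_SIZE, b"\0")).hexdigest()}


class VirtualDisk:
    """Toy virtual disk with hypervisor-side change-block tracking (CBT).

    The hypervisor, not an in-guest agent, records which blocks were written
    since the last scan, so a compromised guest cannot hide a write from it.
    """

    def __init__(self, data: bytes):
        self.blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        self.dirty = set(range(len(self.blocks)))  # no baseline yet: treat every block as changed

    def write(self, block_no: int, payload: bytes) -> None:
        """Guest write path: store the block and flag it in the CBT bitmap."""
        self.blocks[block_no] = payload.ljust(BLOCK_SIZE, b"\0")[:BLOCK_SIZE]
        self.dirty.add(block_no)


def scan_changed_blocks(disk: VirtualDisk, full: bool = False) -> tuple[int, list[int]]:
    """Hash only CBT-flagged blocks (or all blocks when full=True, e.g. after a CBT reset).

    Returns (blocks_scanned, infected_block_numbers). The bitmap is cleared only
    after the scan completes, so an interrupted scan does not lose dirty blocks.
    """
    to_scan = range(len(disk.blocks)) if full else sorted(disk.dirty)
    infected = [n for n in to_scan
                if hashlib.sha256(disk.blocks[n]).hexdigest() in SIGNATURES]
    disk.dirty.clear()
    return len(to_scan), infected


def demo() -> list[tuple[int, list[int]]]:
    """Constructed run: baseline scan, one guest write, an incremental scan, an idle scan."""
    disk = VirtualDisk(b"A" * (4 * BLOCK_SIZE))      # four clean blocks
    results = [scan_changed_blocks(disk)]             # first scan has no baseline: scans all 4
    disk.write(2, MARKER)                             # guest writes the bad block into slot 2
    results.append(scan_changed_blocks(disk))         # only block 2 is re-scanned, and flagged
    results.append(scan_changed_blocks(disk))         # nothing changed: zero blocks scanned
    return results
```

The third result shows why CBT makes frequent scans cheap: with no writes since the last pass, the scanner touches no blocks at all.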