Blog | Mar 11, 2013
Securing the Cloud – Managed Security Services
If you're like most companies, you're concerned about protecting yourself from data breaches, meeting compliance requirements, and protecting availability from security-related downtime, but the landscape of security solutions is complicated and fast moving. How much should you invest in technologies like malware detection, intrusion detection and prevention, SIEM, or web application security? Do you have the knowledge and time to manage solutions or do you want to "set it and forget it"? It seems like there are no simple answers.
Let's think about the typical vulnerability lifecycle and how you would protect yourself at each stage. A vulnerability is born quietly in a coding error or system misconfiguration – you don't know it's there, and perhaps no one else does – yet. During this stage exploitation is unlikely, but it's still a risk. At this point, technologies like vulnerability scans (which catch misconfigurations and known-weak software versions) and log management (collection and analysis of log data) can help you by identifying weaknesses and by showing you suspicious activity taking place in your network, devices, and applications – the fingerprints of the bad guys poking around in your systems.
Eventually the vulnerability is disclosed, and exploitation ramps up. When there's a known vulnerability out there, you can be sure that attackers are doing recon to find systems where it's present and take advantage of it. Network intrusion detection becomes your tool of choice here – analyzing millions of events to determine when recon or an attack is happening, and where it's coming from.
Eventually a patch is released (or for home-grown software you develop it yourself) and then a core management function is key – good patch management! You or your hosting provider needs to be on top of this to close up the hole. Meanwhile, monitoring network traffic for intrusions and studying log data keeps you aware until the patch is in place.
If you're running web applications, think about proactive protection like web application firewalls, which build whitelists of allowed application behavior (which URLs exist, which parameters they take, what values those parameters may hold) and block nonconforming traffic such as the ever-present SQL injection attacks launched by "script kiddies" armed with automated tools. A whitelist of allowed behavior also catches obfuscated variants that a signature blacklist would miss.
Even after patching you'll want to watch closely. You may already have been compromised before the patch landed – your log data will help you identify whether and when it happened, and give you vital data for recovering.
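The lifecycle above talks about spotting recon in logs, catching SQL injection, and whitelisting allowed application behavior rather than blacklisting attack patterns. The script below is an added example written for this post, not code from TriCore or Alert Logic, and it works over a handful of constructed web-server access-log lines (combined log format, RFC 5737 documentation addresses). It flags recon (an IP piling up 404s or announcing itself with a scanner User-Agent), then checks each request's query string two ways: a typical SQL-injection signature, and a whitelist that says the `id` parameter of `/product` must be a short integer. The whitelist rule and the `/product` endpoint are assumptions for the example; the point is that the second, comment-obfuscated payload slips past the signature but not the whitelist.

```python
"""Toy log triage: recon bursts and SQL-injection attempts in web access logs."""
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines (not real traffic) in Apache/nginx combined log format.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Mar/2013:03:12:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Nikto/2.1.5"
203.0.113.7 - - [11/Mar/2013:03:12:01 +0000] "GET /admin/ HTTP/1.1" 404 512 "-" "Nikto/2.1.5"
203.0.113.7 - - [11/Mar/2013:03:12:02 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Nikto/2.1.5"
203.0.113.7 - - [11/Mar/2013:03:12:02 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 512 "-" "Nikto/2.1.5"
203.0.113.7 - - [11/Mar/2013:03:12:03 +0000] "GET /.git/config HTTP/1.1" 404 512 "-" "Nikto/2.1.5"
198.51.100.20 - - [11/Mar/2013:03:15:44 +0000] "GET /product?id=42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.20 - - [11/Mar/2013:03:15:45 +0000] "GET /product?id=42%27+OR+%271%27%3D%271 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.20 - - [11/Mar/2013:03:15:46 +0000] "GET /product?id=42/**/UNION/**/SELECT/**/1,2,3 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Mar/2013:03:20:00 +0000] "GET /product?id=7 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# User-Agent strings that well-known scanners send by default.
SCANNER_UA = re.compile(r"nikto|sqlmap|nmap|masscan|dirbuster", re.I)

# A typical blacklist signature: quote-OR-quote tautologies and "UNION SELECT".
# Note it requires real whitespace between UNION and SELECT.
SQLI_SIGNATURE = re.compile(r"""['"]\s*(or|and)\s*['"]?\d|\bunion\s+select\b""", re.I)

# Assumed positive-security profile for the example app: /product takes only
# an integer id. Anything not in this profile is treated as nonconforming.
ALLOWED_PARAMS = {"/product": {"id": re.compile(r"\d{1,9}")}}


def parse_log(text):
    """Parse combined-format lines into dicts; lines that don't parse are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["status"] = int(entry["status"])
            entries.append(entry)
    return entries


def find_recon(entries, min_404=4):
    """IPs that pile up 404s (directory brute-forcing) or use a scanner User-Agent."""
    not_found = Counter(e["ip"] for e in entries if e["status"] == 404)
    scanner_ips = {e["ip"] for e in entries if SCANNER_UA.search(e["ua"])}
    suspects = {ip for ip, n in not_found.items() if n >= min_404} | scanner_ips
    return {ip: {"not_found": not_found[ip], "scanner_ua": ip in scanner_ips}
            for ip in sorted(suspects)}


def check_request(path):
    """Return which query parameters the signature scan and the whitelist each flag."""
    parts = urlsplit(path)
    flagged = {"signature": [], "allowlist": []}
    rules = ALLOWED_PARAMS.get(parts.path, {})
    # parse_qsl URL-decodes values, so %27 becomes ' and + becomes a space
    # before matching; matching on the raw path would miss encoded payloads.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SQLI_SIGNATURE.search(value):
            flagged["signature"].append(name)
        rule = rules.get(name)
        if rule is None or not rule.fullmatch(value):
            flagged["allowlist"].append(name)
    return flagged


def find_sqli(entries):
    """Requests flagged by either detection method, in log order."""
    hits = []
    for e in entries:
        flagged = check_request(e["path"])
        if flagged["signature"] or flagged["allowlist"]:
            hits.append({"ip": e["ip"], "path": e["path"], **flagged})
    return hits


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for ip, info in find_recon(log).items():
        print(f"recon from {ip}: {info}")
    for hit in find_sqli(log):
        print(f"sqli from {hit['ip']} {hit['path']} signature={hit['signature']} "
              f"allowlist={hit['allowlist']}")
```

Run it and the Nikto host shows up on five 404s plus its User-Agent, the `'1'='1` tautology is caught by both checks, and the `/**/UNION/**/SELECT/**/` request is caught only by the whitelist: the signature wanted whitespace the attacker never sent. That asymmetry is the whole argument for a positive security model, and also why a WAF needs somebody to maintain the profile as the application changes.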
Sound like a lot? It is – the common thread in many security technologies is that they require correlating a lot of different events and data and making expert calls about what represents an incident and how to respond. That's why we've added some service offerings to help, from our security partner Alert Logic, whose specialty is Security-as-a-Service – taking the heavy lifting off your staff and technology, with a monthly-fee business model that matches your hosting and cloud service plans. TriCore is now offering:
- Alert Logic Threat Manager – managed intrusion detection and vulnerability scans. Not only do you get the IDS technology, but it's monitored 24x7 and incidents are validated by Alert Logic's SOC. Instead of getting an alert that's a false alarm at 3AM you are notified when an analyst has investigated and determined that yes, you have an issue. (You can also get just the vulnerability scanning capabilities of Threat Manager through Alert Logic ScanWatch.)
- Alert Logic Log Manager – Cloud log management that collects and normalizes all your log data, presents it in a slick web interface, and stores all data for a year (or more if you need it). You can also get an analyst to review your logs every day to look for problems and meet PCI requirements.
- Alert Logic Web Security Manager – A managed web application firewall that blocks web application attacks – one of the most common and dangerous sets of exploits. WAF management is complex, but Alert Logic's team tunes and monitors your WAF so it's blocking the hackers without blocking your customers.
TriCore can deploy Alert Logic's solutions in a hosted and cloud infrastructure, giving you a unified view of your security data – and a support staff to watch over you 24x7.
Check out their site at http://www.alertlogic.com