Blog | Mar 11, 2013

Securing the Cloud – Managed Security Services

If you're like most companies, you're concerned about protecting yourself from data breaches, meeting compliance requirements, and protecting availability from security-related downtime, but the landscape of security solutions is complicated and fast moving.  How much should you invest in technologies like malware detection, intrusion detection and prevention, SIEM, or web application security?  Do you have the knowledge and time to manage solutions or do you want to "set it and forget it"?  It seems like there are no simple answers.


Let's think about the typical vulnerability lifecycle and how you would protect yourself. A vulnerability is born quietly in a coding error or system misconfiguration – you don't know it's there, and perhaps no one else does – yet. During this stage of the vulnerability's life, exploitation is rare, but it's still a risk. At this point, technologies like vulnerability scans and log management (collection and analysis of log data) can help you by identifying vulnerabilities and by showing you suspicious activity taking place in your network, devices, and applications – the fingerprints of the bad guys poking around in your system.

Eventually the vulnerability is disclosed, and then the exploits grow. When there's a known vulnerability out there, you can be sure that hackers are doing recon to find systems where it's present and take advantage of it. Network intrusion detection becomes your tool of choice there – analyzing millions of events to determine when recon or an attack is happening, and where it's coming from.

Eventually a patch is released (or for home-grown software you develop it yourself) and then a core management function is key – good patch management!  You or your hosting provider needs to be on top of this to close up the hole. Meanwhile, monitoring network traffic for intrusions and studying log data keeps you aware until the patch is in place.

If you're running web applications, think about proactive protection like web application firewalls, which build intelligent whitelists of allowed application behavior and block out nonconforming traffic such as the ever-present SQL injection attacks launched by the "script kiddies" armed with automated tools.
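To make the "whitelist of allowed behavior" idea concrete, here is an added example (not TriCore's or Alert Logic's code) of a positive-security-model request check: each endpoint declares the parameters it accepts and the exact shape of each value, and anything else is rejected. The endpoints, parameter rules and sample requests are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed allowlist: for each endpoint, the parameters the application
# accepts and the pattern each value must fully match. Nothing else passes.
ALLOWLIST = {
    ("GET", "/products"): {
        "id": re.compile(r"[0-9]{1,8}"),
        "sort": re.compile(r"(price|name)"),
    },
    ("POST", "/login"): {
        "user": re.compile(r"[a-z0-9_.]{3,32}"),
        "password": re.compile(r"[^\x00-\x1f]{8,128}"),
    },
}


def check_request(method, target, body_params=None):
    """Return (allowed, reason) for one request under the positive model.

    Unknown endpoints, unexpected or duplicate parameters, and values that do
    not match their declared shape are all rejected. A SQL injection payload is
    refused not because it is recognised, but because it does not conform.
    """
    parts = urlsplit(target)
    rules = ALLOWLIST.get((method, parts.path))
    if rules is None:
        return False, "unknown endpoint %s %s" % (method, parts.path)
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += list((body_params or {}).items())
    seen = set()
    for name, value in params:
        if name in seen:
            return False, "duplicate parameter %r" % name
        seen.add(name)
        rule = rules.get(name)
        if rule is None:
            return False, "unexpected parameter %r" % name
        # fullmatch: the whole value must fit the pattern, trailing data included
        if not rule.fullmatch(value):
            return False, "parameter %r does not conform" % name
    return True, "ok"


# Constructed sample traffic: a legitimate request and a classic injection attempt
SAMPLES = [
    ("GET", "/products?id=42&sort=price", None),
    ("GET", "/products?id=1' OR '1'='1", None),
]

for method, target, body in SAMPLES:
    print(method, target, "->", check_request(method, target, body))
```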

Even after patching you'll want to watch closely.  You may well have been compromised – your log data will help you identify when it happened, and give you vital data for recovering.

Sound like a lot? It is – the common thread in many security technologies is that they require correlating a lot of different events and data and making expert calls about what represents an incident and how to respond. That's why we've added some service offerings to help, from our security partner Alert Logic, whose specialty is Security-as-a-Service – taking the heavy lifting off your own staff and technology, with a monthly-fee business model that matches your hosting and cloud service plans. TriCore is now offering:

TriCore can deploy Alert Logic's solutions in a hosted and cloud infrastructure, giving you a unified view of your security data – and a support staff to watch over you 24x7.

Check out their site at http://www.alertlogic.com