Step up your threat detection with a deterministic security platform.

Author: Keshav Kamble

Introduction

Over the past few months, I have spoken with dozens of partners, customers, and security visionaries. Everyone believes that the data center and cloud security ecosystems are evolving rapidly. While everyone has a different opinion on how to approach their security issues, they all agree on one central point: if we can catch a threat, we can deal with it.

What companies need now are smart approaches to threat detection.

Unfortunately, current methods for threat interception are inadequate. They are too complicated, too analytical, and too slow, and they fail too often.

If intercepting threats is so critical, why don’t existing solutions do it better?

It’s clear that you can’t deal with something you don’t know exists. As a result, any viable solution must optimize on two variables:

1) The certainty of threat interception

2) The time it takes to intercept the threat

Cloud security requires an innovative approach to threat detection focused on getting these two variables right.

The first step is identifying the threat deterministically. Deterministic threat detection also means solving the grey-area problems around the growing number of false positives that security staff waste resources dealing with.

The second step is extracting the right detail from the event to understand the threat and its source. There is a delicate balance here: too little detail about a threat means dealing with it poorly; too much means dealing with it too slowly. That is why we group threats efficiently and collect the right amount of information to trigger the right actions.

What comes after threat interception?

Next, keep the threat in suspension until the right action is identified. This has to be lightning fast. Clearly, without fast suspension, applications are slowed and scalability is reduced.

Finally, isolate the threat using a granular approach. Current methods of preventing the lateral movement of threats inside the application ecosystem are ineffective. Granular segmentation, on the other hand, does stop the lateral spread of threats and also protects the application and data systems.

So keep monitoring, interception, and mitigation in mind when you consider your application security. Look for a reliable threat identification and interception system that gives you greater control over how you mitigate your threats.

For more information, read the Forrester report on the New Wave of Security Technology.

https://www.forrester.com/report/The+Forrester+New+Wave+Runtime+Application+SelfProtection+Q1+2018/-/E-RES142077


The Emergence of Deep Application Security, Segmentation and Compliance

Introduction

Various business regulatory bodies have defined methods of sensitive data handling based on the nature of the business. Rapidly changing compute, network and storage environments such as private, public and hybrid cloud necessitate constant upgrades to security and compliance clauses. Highly scalable and dynamic application architectures such as containers, micro-services and third-party API-driven architectures are making DevOps efficient but at the same time increasing the complexity of security, segmentation and business compliance. In such environments, preparing for business compliance audits, producing all the required monitoring data and passing the compliance audits has become excruciatingly painful and expensive.

Read More

How to protect applications from third party services and APIs?

Introduction

Application architecture is rapidly changing from monolithic, virtual-machine-based to containerized, micro-services-based. Micro-services provide the agility and DevOps freedom that IT managers need. Scaled-out distributed applications consume local as well as web-based services through service commissioning and subscription models. Web-based services, and REST APIs for consuming them, have been largely accepted as an ideal model by the development and security operations communities.

Read More

How to protect when credentials are stolen?

Introduction

Every CIO, CISO or CxO's worst nightmare is the theft of their or their staff's credentials and the subsequent attacks and abuse using those credentials. Unfortunately, the problem is complex and twofold. First, the victim does not know when the theft occurred, and second, the theft comes to light only after forensic analysis of the attack that used those credentials.

Read More

Why are MongoDB deployments under attack?

Critical observations and thoughts.

Today, I wanted to discuss the most pressing problems from which MongoDB-based applications are suffering. Worldwide, attacks on MongoDB, including holding the database hostage, grew many-fold in 2017 alone. By some analyses, within one week in January 2017 these incidents grew to 28000.

Read More

WannaCrypt: What should you do?

WannaCrypt ransomware is creating havoc on internet-connected Windows PCs and servers and bringing down businesses one after another.

I cannot emphasize enough that botnets and ransomware remain one of the biggest threats to various businesses. The damages to the economy are enormous. Just about 2 days ago, I responded to Dale Drew's (CISO of Level3 Communications and a well-regarded security expert) blog, "256: WHY HEALTHCARE SECURITY IS VULNERABLE AND BOTNETS & RANSOMWARE REMAIN OUR BIGGEST THREAT". I highlighted the severity due to the international nature of ransomware.

Read More