The landscape for cybersecurity teams has altered inextricably as companies gradually use more cloud-based services, be they PaaS/IaaS or full standalone remote services. Instead of perimeter-based and endpoint-focused protection, teams now have to consider virtualization topologies on large scales, spread between on-premise or remote, containerization, and the fact that no infrastructure remains fixed for long. The ease with which individuals can spin up entire remote infrastructures makes a static cybersecurity picture impossible.
It’s worth noting that most cloud providers only effectively ringfence their own infrastructure for protection. The applications and services, and the data they process, remain the security concern of their clients — a situation epitomized by so-called serverless applications, where the infrastructure is deliberately abstracted away from commissioning IT professionals.
Older security approaches such as installing active agents on every asset remain viable in theory, but a single instance of hardware running a couple of hundred VMs means that organizations will be losing massive resources replicating protections across every virtual device — and then having to manually craft alert rules so one incident doesn’t raise dozens of discrete flags, all of which reference the same issue with slight differences details.
Containerized applications that are automatically deployed at scale as demand spikes, for instance, have the potential to replicate security flaws. And like the cloud providers’ attitude, the nature of container repos is such that the responsibility for overall security belongs to the end user.
Whether it’s a zero-day found in an OS, an outdated library compiled into an application, or an oversight on the part of deployment engineers pulling a container image, dropping anti-malware agents liberally across an ever-changing infrastructure doesn’t make for a secure environment.
Cybersecurity platforms designed with modern use cases in mind are at an advantage — instead of trying to fit 2011 cybersecurity methods into a 2021 infrastructure, today’s platforms take a pragmatic approach. Auto-discovery of services on a remote cloud means that security configuration is always fit for purpose, and any change to what’s running will cause a realignment of security policy automatically. In this way, even 2021’s version of “shadow IT” — services being bootstrapped on remote clouds under the IT department’s radar — is covered off. Scalable security resources that automatically adjust help security teams who no longer need to be in a constant state of auditing: the platform does that.
Perhaps one of the biggest challenges for cybersec is hybrid topologies. Hosts running remotely or on-premise get the same protection from VM host-based agents, where a single VSM will protect multiple images. Regardless of whether machines are on bare metal, abstracted, in a cloud of whichever color, rogue elements won’t trigger hundreds of alerts, plus a unified dashboard pulls in real-time stats from everywhere.
Even where agentless operation is not viable, the key is to use lightweight agents where necessary that parse results through a single point to remove reporting duplication. In this way, the type of endpoint and its physical location is irrelevant. Centralized operation also means unified reporting, a single point of control for push updates and logfile analysis, and a security asset distribution center that reacts autonomously. Whether it’s an emerging threat, new infrastructure becoming apparent, or older assets being retired the trick is to stop IT needing to play catch-up with changes in what they’re tasked to protect. Instead of relying on project maintainers to keep individual libraries, containers, or components up to date, autonomous systems cope with people moving on and application libraries (or core components) being deprecated.
Until machines write code, human fallibility will always play a big role in the inherent safeness of online applications and services — in the same way fallible human nature creates the threats against which we need to protect. Using intelligent, autonomous tooling will help cybersecurity teams much more than older technologies being adapted to the new ways that enterprises use information technology.
This article is written in conjunction with Kaspersky. To find out more about how the Kaspersky Hybrid Cloud Security platform can help security teams in fluid and dynamic IT environments, get in touch with experts closest to you.