Kaspersky – Tech Wire Asia

Cloud-first or changing hybrid? The cybersecurity platform that adapts
https://techwireasia.com/2021/10/cybersecurity-mult-hybrid-cloud-containers-docker-vmware-virtual-deployment-best-review/
Thu, 14 Oct 2021 01:02:38 +0000

The landscape for cybersecurity teams has changed irrevocably as companies gradually use more cloud-based services, be they PaaS/IaaS or full standalone remote services. Instead of perimeter-based and endpoint-focused protection, teams now have to consider virtualization topologies on large scales, spread between on-premise or remote, containerization, and the fact that no infrastructure remains fixed for long. The ease with which individuals can spin up entire remote infrastructures makes a static cybersecurity picture impossible.

It’s worth noting that most cloud providers only effectively ringfence their own infrastructure for protection. The applications and services, and the data they process, remain the security concern of their clients — a situation epitomized by so-called serverless applications, where the infrastructure is deliberately abstracted away from commissioning IT professionals.

Older security approaches such as installing active agents on every asset remain viable in theory, but a single instance of hardware running a couple of hundred VMs means that organizations will be losing massive resources replicating protections across every virtual device — and then having to manually craft alert rules so one incident doesn’t raise dozens of discrete flags, all of which reference the same issue with slight differences in detail.

Containerized applications that are automatically deployed at scale as demand spikes, for instance, have the potential to replicate security flaws. And like the cloud providers’ attitude, the nature of container repos is such that the responsibility for overall security belongs to the end user.

Whether it’s a zero-day found in an OS, an outdated library compiled into an application, or an oversight on the part of deployment engineers pulling a container image, dropping anti-malware agents liberally across an ever-changing infrastructure doesn’t make for a secure environment.

Cybersecurity platforms designed with modern use cases in mind are at an advantage — instead of trying to fit 2011 cybersecurity methods into a 2021 infrastructure, today’s platforms take a pragmatic approach. Auto-discovery of services on a remote cloud means that security configuration is always fit for purpose, and any change to what’s running will cause a realignment of security policy automatically. In this way, even 2021’s version of “shadow IT” — services being bootstrapped on remote clouds under the IT department’s radar — is covered off. Scalable security resources that automatically adjust help security teams who no longer need to be in a constant state of auditing: the platform does that.

Perhaps one of the biggest challenges for cybersec is hybrid topologies. Hosts running remotely or on-premise get the same protection from VM host-based agents, where a single SVM will protect multiple images. Regardless of whether machines are on bare metal, abstracted, or in a cloud of whichever color, rogue elements won’t trigger hundreds of alerts, and a unified dashboard pulls in real-time stats from everywhere.

Even where agentless operation is not viable, the key is to use lightweight agents where necessary that parse results through a single point to remove reporting duplication. In this way, the type of endpoint and its physical location are irrelevant. Centralized operation also means unified reporting, a single point of control for push updates and logfile analysis, and a security asset distribution center that reacts autonomously. Whether it’s an emerging threat, new infrastructure becoming apparent, or older assets being retired, the trick is to stop IT needing to play catch-up with changes in what they’re tasked to protect. Instead of relying on project maintainers to keep individual libraries, containers, or components up to date, autonomous systems cope with people moving on and application libraries (or core components) being deprecated.

Until machines write code, human fallibility will always play a big role in the inherent safety of online applications and services — in the same way fallible human nature creates the threats against which we need to protect. Using intelligent, autonomous tooling will help cybersecurity teams much more than older technologies being adapted to the new ways that enterprises use information technology.

This article is written in conjunction with Kaspersky. To find out more about how the Kaspersky Hybrid Cloud Security platform can help security teams in fluid and dynamic IT environments, get in touch with experts closest to you.

Rethinking security visibility & control in hybrid clouds
https://techwireasia.com/2021/07/hybrid-multi-cloud-security-cyber-vm-containerized-protection-best-platform/
Tue, 20 Jul 2021 08:44:03 +0000

Organizations building out their infrastructure into the cloud know what the “shared responsibility” for security on those remote platforms means. Most of that responsibility belongs to the commissioning organization, and not the cloud provider. That is not a cynical point of view. It is simply indicative of the reality: that at a granular level, GCP, AWS et al. cannot be accountable – nor should they be – for security issues emanating from a hosted container, virtual machine (VM), or service. The cloud providers still have the relative luxury of only having to protect their own perimeters. What goes on inside that perimeter is the purview of the tenant.

Assuming that the providers are responsible for the security of the cloud, security for the cloud is a different matter. In many ways, some cybersecurity companies are still playing catch-up from the evaporation of both the perimeter and the purely company-owned endpoint.

There are plenty of dedicated cybersecurity platforms, whether new to the scene or established players, that claim to protect the organization transferring its workloads to the cloud. However, in many cases, the emphasis appears to be on the period of migration, with workload security somehow becoming a post-migration issue that can be circled back to at some nebulous point in the future.

What organizations are often left with are the types of tools that had their roots in the “antivirus age” (think 1992 – 2012) adapted to multi- and hybrid-cloud deployments. Some even struggle with the virtual OS paradigm, with multiple VMs flooding control servers with update requests, notifications, red flags, and so on. The solution to this appears to be for the cybersecurity platform to create pools of resources dedicated to command and control. Unfortunately, that is an expensive way around what is essentially a problem stemming from trying to crowbar older platforms and methodologies into new settings. It is a series of problems that is especially compounded where production services are replicated on the same platform(s) to create development or testing sandboxes.


Nevertheless, the advantages of the cloud and the benefits that it brings to business continuity and resilience are overwhelming. The danger is that the savings made can be lost. In addition, the inherent gaps between areas of responsibility, visibility, and control are producing environments where hackers can thrive.

Security platforms that are multi- and hybrid-cloud native can use methods of aggregation specifically designed for their environment. Having a single, per-hypervisor instance, for example, is one way that multiple machines can be protected more efficiently. However, each VM still requires protection, monitoring, and the capability to report potential cybersecurity-related problems.

The hypervisor-based SVM (security virtual machine) oversees per-VM agents that are tiny and lightweight in processor cycles and resource use. Instead of agents duplicating security tasks, these are taken care of by the SVM, with intelligent caching helping to eliminate superfluous operations and duplicated data flows. With SVMs always on and always up to date, when VMs spin up, they are immediately protected, instead of leaving gaps between boot and updated protection.


It is important to note that modules like firewall, anti-malware, anti-phishing, behavioral analysis, and Network Threat Protection technologies are critical components. Behavioral analytics, for example, allows effective protection against ransomware, exploits – including zero-day attacks, privilege escalation, file-less malware, and unknown threats. Between a “traditional” perimeter-server-client model and a hybrid cloud, the overarching need to harden and protect is the same. It is the delivery method of these tools, in relatively new environments, that is different.

Choosing the right hybrid cloud protection platform is a mainstay of letting the organization deploy where, how, and what it wants to support the business. The promise of the cloud removes the physical constraints on traditional IT infrastructure and helps organizations achieve their goals. It would be a shame if the constraints caused by last decade’s cyber protection platforms impeded that ability.
