In part four of my blog series on the Multi-Cloud Security Architecture, we explored the range of response options available for multi-clouds, covering both automated and manual tactics. With the inputs of data gathered throughout the security cycle, we can now look to predict future attacks to develop the appropriate prevention and response much more quickly and effectively. In the final blog in my series, we will cover how predictive analytics provide the layer of intelligence that brings proactivity to security within multi-clouds.
Predictive security is really built upon data, analytics, and reasoning. We have seen that defining security policies, even using advanced techniques such as conditional declarative methods, can be tremendously difficult and error prone. A security solution with access to rich data – including metadata relating to applications and users (let’s call this “context”), detailed understanding of application and user behavior (using deep visualizations to analyze and anticipate behavior), and access to threat intelligence – can begin to use advanced modeling or machine-learning techniques to proactively define expected baseline behavior and also identify where deviations from that baseline are significant.
Some of today’s ‘primitive’ attempts at policy automation, which include hitting a button to convert a learned rule to an enforced rule, are tremendously unsafe, insecure, inaccurate, and impossible to embed within an application lifecycle - given the speed at which applications change and how hackers can also evolve to learn these “normal” behaviors in order to go undetected. Contrast this to advanced visualization and modeling techniques driven from rich data sets, and we can begin to comprehend how these learning techniques can be applied to the real world of complex and dynamically changing relationships.
Predictive analytics move us beyond the simplification of policy definition by the application owner to a world where the security professional can define high level models to enable autonomic discovery and enablement of applications (that include built-in policy) within a multi-cloud environment. However, these predictive analytics are dependent upon every other property of the Multi-Cloud Security Architecture to establish the data completeness and accuracy required to become autonomic.
We have spent the last few weeks outlining the architecture that is driving the industry-wide vision for multi-cloud security. The Multi-Cloud Security Architecture demonstrates how controls can be scaled deeply and broadly across a complex and diverse multi-cloud. These controls will feed the system with rich analytics in order to accurately and consistently detect security events and other important anomalies using risk-based methods. Once a security system is able to see an event, it is critical to be able to do something about it - quickly. Workflows and automation established at the response layer will drive that activity using the broad and deep set of controls embedded within the system. Finally, granular insight into the traffic of the environment will enable the ability to establish a set of predictive controls to increase the overall security posture of the system, and to reduce the complexity and overhead of operations.
Now that you understand the ins and outs of the Multi-Cloud Security Architecture, it’s time to start on your pathway to get there - based on your own organizational needs. Read our whitepaper on the pathway to multi-cloud security and contact us to learn how vArmour and our ecosystem can help you every step of the way.