Keeping up with technology trends in the enterprise is hard work, to say the least. It involves time, money, and a considerable amount of patience. The problem, however, is that while everyone and their grandmother is working on supporting more mobile devices, embracing cloud architecture, adopting DevOps practices, and the like, almost no one is factoring in security. While it may seem pretty obvious to most people that modern work environments need modern security solutions, a 2018 research study suggested that 93 percent of respondents were deploying their current on-premises security tools in the cloud. But using these legacy security tools is like buying a really expensive safe and putting a cheap lock on it as an afterthought. You’re never going to be able to secure a modern environment that way.
Dynamic environments require a dynamic approach
The traditional way to secure environments was to spend money on antivirus software and firewalls and rest easily in the knowledge that you’ve done all you could do. This is because traditional environments were finite and had boundaries that could be secured with a perimeter security model. Modern environments are a whole different animal and in addition to your on-prem infrastructure, you typically have at least two public clouds involved and a mystical galaxy of networks connecting them all. Additionally, the bad guys have evolved, too, and legacy security systems can be broken into by crooks with almost zero knowledge but the ability to buy sophisticated malware or order cheap DDoS attack services.
The modern approach, however, is to be on the ball all the time and never, ever, rest easy in the knowledge that you’ve done enough — because you haven’t and you can’t.
When securing a dynamic, virtual, and highly connected environment, the complexity is too much for traditional perimeter defenses to handle, and it is pretty straightforward for traffic to bypass them. Additionally, signatureless and fileless malware is specifically designed to evade legacy security tools by basically being invisible to them. This is because what most people fail to wrap their heads around is the fact that we’re not protecting our hardware anymore; we’re protecting our software and the unstructured data it sends through the Internet. What this needs, in addition to a new approach, is modern tools built for the job of securing an ethereal environment.
Modern security tools are proactive
In stark contrast to traditional tools that can be installed and forgotten about until it’s time for renewal, modern tools are active and are constantly monitoring, testing, alerting, and reporting in real-time. This constant “vigil” is critical in today’s work environments where something is always changing and to secure it we need to not only track the changes but understand why they’re happening as well. This is why modern cloud monitoring tools offer graphs with performance metrics updated in one-minute intervals that include average response time, error rate, requests, throughput, peak response time, and the number of users. Additionally, expectations or “benchmarks” are set up in advance so that in the event of a breach, alerts are sent to the concerned parties by way of email or SMS.
With regard to the complex networks that make up our environments today, modern tools solve the puzzle by proactively pushing test traffic through the environment and watching it travel through the network. This active method works somewhat like a controlled experiment, which includes emulating specific scenarios that would otherwise be difficult to replicate with legacy tools. This also makes it ideal for measuring specific metrics such as the latency between two devices on either end of a WAN. An important thing to remember is that attackers are proactively looking for outdated and compromised targets, and the only way to combat that is to use tools that proactively look for vulnerabilities and fix them before the bad guys find out.
Modern tools are intelligent
It’s not all about collecting logs and gathering data; security tools need to be smart enough to make sense of the tidal waves of information that our systems are constantly being bombarded with. All that data makes for extremely large datasets and requires intelligent cloud monitoring solutions in addition to sophisticated analytics that can translate all that unstructured data into useful and actionable information. While querying such giant datasets would have been unthinkable in the past, even with a supercomputer, modern security tools do this with ease by using artificial intelligence to help analyze and query such big datasets. In fact, artificial intelligence can digest terabytes of data, make sense of it and recommend actions, all within milliseconds.
AI enhances the entire security system, turning it into an intelligent encyclopedia of knowledge that can be queried at lightning-fast speeds. In addition to helping modern security tools interpret Big Data effectively, AI is also used for anomaly detection, pattern recognition, correlation analysis, and automatically setting benchmarks so there is no need for predefined thresholds. In the rare event that the data somehow manages to exceed the capacity of the system, AI can selectively omit the data it feels is of least importance. When compared to legacy security systems like antivirus suites, security tools that incorporate AI are on a whole different level. A good analogy would be a legacy antivirus suite integrated with IBM Watson, one that not only looks for vulnerabilities but intelligently secures the environment by constantly learning and teaching itself how to make improvements.
Modern tools are cloud native
Last but not least, unlike legacy security solutions, modern tools are cloud native and designed in context with today’s complex and distributed environments. This means they’re specially designed to not only secure workloads in containers and serverless functions but also designed to be compatible with future cloud native technologies as well. Cloud nativity also refers to the ability to leverage open source cloud capabilities like auto-scaling, continuous deployment, and auto-management that can run across different clouds. In a cloud native environment, interactions between the different components of an application are done through standard service APIs. Automation is also a big part of being cloud native and with the exception of manual analysis and configuration, common workload management tasks are all done automatically.
Cloud native security tools are inherently built on microservices or container-based architecture, which makes them extremely quick, light on resources, agile, and focused. For a few good examples of the advantages of microservices architecture, a quick peek at some early adopters like Google, Netflix, Twitter, and eBay should suffice. Microservices work by breaking down a single application into the smallest independently functional components, reducing overhead, and simplifying development, deployment, and management in the process. In addition to increased speed and efficiency, tools that are cloud native enable a level of scalability, elasticity, continuous deployment, and efficiency that no number of legacy tools combined could ever hope to achieve in today’s work environments. Lastly, legacy tools don’t enable any of the core cloud benefits.
Using legacy on-premises security solutions in today’s distributed environments is one way of painting a large target on your back for attackers. New environments need new and innovative security measures, and security needs to be built in at every level. We hear the word DevOps a lot, but hardly anyone talks about DevSecOps, and no matter what tools you use, until you get that part right there are always going to be problems with security in the cloud.