Private cloud visibility – top concerns explained by Gigamon

    Martyn Crew, Senior Director, Solutions Marketing and Partner Technologies, Gigamon

    For many years, security professionals and spending have been focused on the network perimeter. The perimeter and endpoints have been hardened to keep the bad guys out. And that’s been the right thing to do, but now that most organisations have achieved reasonable levels of perimeter and endpoint security, they are turning their focus to what’s happening on their private cloud networks.

    Why? Because industry statistics consistently show that many network threats (56%) are due to insider behaviour, whether malicious or unintentional, resulting in 90% of organisations feeling exposed to insider threats. And with insider breaches costing three times as much as outsider breaches at an average of $16.2 million,3 these threats come at a heavy cost.

    Many organisations assume that they know what’s happening on their private cloud network — after all, it’s their private cloud network running their applications and workloads, managed by their tools. But in practice, this is not always the case.

    #1. Are You Really Seeing Everything in Your Private Cloud?
    The tools that come built into your private cloud platform and the third-party security and observability tools that you’ve added are good as far as they go. The key question is whether they go far enough to give you what you need to detect patterns of user, asset, or network behaviour that indicate an attack or breach has occurred and to identify as precisely and quickly as possible the nature and extent of the problem.

    For example, tools that rely on MELT (metrics, events, logs, and traces) don’t see what’s happening at the network level of your private cloud. In fact, event- and log-based security tools such as SIEMs may not see up to 96% of the East-West (lateral) movements on your network,4 leaving one of your primary security tools blind to much of what is happening.

    #2. How Do You Secure Ephemeral VMs and Containers?
    Most organisations are committed to using VMs and containers to scale their applications. Using orchestration and automation mechanisms, new VMs and containers are spun up for minutes, seconds, even microseconds, then disappear just as quickly. But these time windows are more than long enough for sophisticated malware to detect a vulnerability and potentially use a VM or container to access a high-value asset that can be ransomed or exfiltrated.

    #3. Do You Have Visibility into Your Encrypted Traffic?
    Encryption is a powerful technology that most organisations use extensively to safeguard both data in motion and data at rest on their private clouds. However, encryption is a double-edged sword. Just as it’s a powerful tool for NetOps and SecOps, it’s also a powerful tool for attackers who use it to set up encryption to hide their presence on a network and, for example, set up encrypted tunnels that allow them to navigate the network — undetected — as they seek out high-value data targets.

    #4. Are Your Tools Showing You as Much as You Think?
    Today’s security, observability, and performance management tools do a very good job of meeting their intended purposes. But times and situations change, and increasingly well-resourced, motivated, and agile attackers are poised to take advantage of these changes. New examples — indeed, new classes — of AI-powered malware are being launched with alarming frequency, perpetuating the attacker’s advantage and leaving your organisation more exposed.

    To combat these threats, you need to have all your tools working together to correlate all the data they are seeing individually so you can detect and identify anomalous behaviour at the user, application, or network level in real-time and, in many cases, pre-empt an attack.

    #5. Can You Get a Comprehensive, Consistent View of All Private Cloud Activity?
    The old cliché “You can’t secure what you can’t see” is a cliché for a reason — because it’s true. In the world of private cloud security with multiple private cloud instances, ephemeral VMs and containers, and encrypted data, this is truer than ever before. Although individual tools can give you some of the visibility you need, what you really need is to consolidate your visibility data into a single window, so when security or performance events occur, you have a single point from which SecOps and NetOps teams can respond.