“I’ve Looked at Clouds from Both Sides Now”: Reflections on Visibility, Context & Control in Cloud Security
Jun 21, 2019 / Checkpoint
In her timeless song and feathery voice, Joni Mitchell sings about hope versus reality, a duality which makes sense given reports she had written the song while on a plane.
A plane ride embodies duality at its best: ephemeral existence between real and ethereal, ground and firmament, timely and endless. Some of us may feel a need for control despite being utterly helpless. Perhaps that’s how Joni felt, looking at clouds from her window seat, and perhaps some of you security practitioners can relate.
Security concerns remain one of the primary barriers for organizations to deploy an application on a public cloud. That doesn’t mean public clouds are less secure than on-premises environments. They are secure!
The concern exists because security professionals lack the visibility and context needed to effectively enforce security best practices in the cloud. All too often, developers have accidentally left open ports on a cloud service or forgotten to encrypt sensitive data.
Pushing security teams further out of control is the ephemeral nature of assets in modern cloud environments. While on-premises infrastructure and applications are relatively static and rarely changed, cloud deployments are all about flexibility and agility: objects come and go by design, and are sometimes deliberately failed to test resiliency. Virtually nothing is static in the cloud. Because applications change daily or hourly, it’s hard to model which changes reflect anomalous behavior. Moreover, the process of change is highly automated, which means that it isn’t viable to insert human-driven control points in the development process.
As a way of addressing these challenges, some security practitioners turn to native cloud tools or to SIEM solutions and analytics tools to gain visibility and control. But SIEM solutions were created for static environments and therefore provide little visibility into ephemeral assets and nearly no context at all. The result is a host of unintelligible activity logs and limited capacity to shed light on malicious cloud activity.
So if a woman of Mitchell’s stature can feel so baffled by clouds, so will you.
Last week, on June 11th, Check Point announced the launch of CloudGuard Log.ic.
CloudGuard Log.ic (pronounced ‘Logic’) is a cloud-native threat protection and security analytics solution for the public cloud. The latest addition to the CloudGuard family, it enriches cloud logs with context, transforms them into readable security logic, and enables security teams to take cloud security to the next level.
If you are running your business on public cloud services, you’re probably all too familiar with the following security operational challenges:
- Limited monitoring and logging tools
- Time wasted searching through vast amounts of log data
- Ongoing or inconclusive incident reports
These challenges result in frustration and inefficiencies in managing and protecting your business.
CloudGuard Log.ic reduces those inefficiencies significantly. Making use of native APIs, available log data, a robust log enrichment engine, and Check Point’s Threat Cloud for rich intelligence feeds, CloudGuard Log.ic intelligently detects anomalous events, then alerts on and quarantines public cloud threats. Its insights-infused visualization, intuitive querying method, and integration with third-party SIEM solutions will help you cut down on operational costs and significantly accelerate security incident investigations.
In addition, CloudGuard Log.ic is the only platform that attributes network traffic to cloud-native ephemeral services such as AWS Lambda as well as other cloud-native platform components (RDS, Redshift, ELB, ALB, ECS). Utilizing its rich, context-aware visualization and exploration tool, it provides you with a complete view and understanding of your cloud infrastructure across time.
A step back to Mitchell’s perspective: Stating “Both Sides, Now” when looking at clouds expresses the benefit of seeing both sides of the coin. Mitchell’s outlook on life while plane-writing her song was not just dual, it was complete. Her travel experience allowed CONTEXT.
And giving context to complete the picture is what CloudGuard Log.ic does.
From a narrowly focused view into every IaaS and PaaS asset, the relationships between them and the threat intelligence sources they should be correlated with, to a broad, high-level view into the entire public cloud infrastructure, CloudGuard Log.ic enables organizations to fully see and understand their cloud security posture. Thus, they can better rely on DevOps to implement security controls, and give security teams the tool they need to verify that those controls are working properly. Furthermore, security teams can respond to and mitigate threats faster, as well as easily launch forensic investigations.