This post is the fourth in a series of eight on five pillars to actionable cloud security. For the rest of the series, visit the Five Pillars blog page here.
This pillar relies on first being able to determine who is allowed access, and to what, and then detecting anomalies against that expectation. Detection controls are most often intrusion-focused, in the form of an Intrusion Detection System (IDS). An IDS is automated: it monitors and analyzes network traffic and generates an alert when activity either matches a known malicious pattern (signature detection) or deviates from expected behaviour (anomaly detection). Some IDS deployments go further and trigger automated follow-up, such as recording the suspicious session or scanning the hosts involved for signs of compromise.
An IDS differs from a firewall in that a firewall faces outward and enforces policy on traffic crossing a boundary, to stop intrusions before they happen. An IDS looks for intrusions that have already occurred or are actively underway, including attacks that originate from within the network, which a perimeter firewall never sees.
Because an IDS watches the actual traffic flow, it not only permits a more timely response to an active compromise; it can also identify devices that are in imminent danger of compromise. In plain terms, that means identifying devices, or cloud resources, whose access profile resembles that of the device where the intrusion was detected. Signature-based IDS controls need a feedback loop with a security provider, so that the latest malicious patterns are learned and recognized when they appear; anomaly detection instead needs a baseline of normal traffic to compare against.
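The three behaviours described above (signature matching against a provider feed, anomaly detection against a learned baseline, and naming other hosts with a similar access profile) in a toy IDS over flow records. This is an added illustration, not Barracuda or Azure code: the 10.0.0.0/8 internal range, the 203.0.113.7 "feed" entry, the flow records and the alert thresholds are all constructed for the example.

```python
"""Toy intrusion detection over constructed flow records (added example, not vendor code).

Demonstrates on hand-written flows:
  1. signature/IOC matching against a feed of known-bad addresses,
  2. anomaly detection against a learned baseline, which catches the
     internal-to-internal sweep a perimeter firewall does not see,
  3. listing hosts whose normal access profile resembles the compromised host's.
All addresses, hosts, thresholds and the "feed" are hypothetical.
"""
import ipaddress
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int


INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # constructed internal address range
BAD_IPS = {"203.0.113.7"}                        # constructed threat-feed entry (TEST-NET-3 range)

# Constructed "known good" traffic: two web nodes use the same DB and LDAP servers; a build box differs.
BASELINE_FLOWS = [
    Flow("10.1.0.11", "10.2.0.5", 5432), Flow("10.1.0.11", "10.2.0.9", 389),
    Flow("10.1.0.12", "10.2.0.5", 5432), Flow("10.1.0.12", "10.2.0.9", 389),
    Flow("10.3.0.40", "10.2.0.20", 443), Flow("10.3.0.40", "10.2.0.21", 22),
]

# Constructed observation window: 10.1.0.11 is compromised, beacons out, then sweeps the server subnet.
OBSERVED_FLOWS = [
    Flow("10.1.0.11", "10.2.0.5", 5432),      # normal, in baseline
    Flow("10.1.0.11", "203.0.113.7", 443),    # matches the feed -> signature alert
    Flow("10.1.0.11", "10.2.0.6", 22),        # never-seen internal destinations ...
    Flow("10.1.0.11", "10.2.0.7", 22),
    Flow("10.1.0.11", "10.2.0.8", 22),
    Flow("10.1.0.11", "10.2.0.10", 445),      # ... four of them -> anomaly alert
    Flow("10.1.0.12", "10.2.0.5", 5432),      # normal
    Flow("10.3.0.40", "10.2.0.21", 22),       # normal
]


def build_baseline(flows):
    """Learn, per source host, the set of internal (dst, port) pairs it normally talks to."""
    profile = defaultdict(set)
    for f in flows:
        if ipaddress.ip_address(f.dst) in INTERNAL:
            profile[f.src].add((f.dst, f.dport))
    return dict(profile)


def detect(flows, baseline, bad_ips=BAD_IPS, new_pair_threshold=3):
    """Return alerts as (kind, host, detail) tuples; signature hits first, then anomalies."""
    alerts = []
    unseen = defaultdict(set)
    for f in flows:
        if f.dst in bad_ips:  # signature / IOC match from the provider feed
            alerts.append(("signature", f.src, f"connected to known-bad {f.dst}:{f.dport}"))
        elif (ipaddress.ip_address(f.dst) in INTERNAL
              and (f.dst, f.dport) not in baseline.get(f.src, set())):
            unseen[f.src].add((f.dst, f.dport))
    for host, pairs in unseen.items():
        if len(pairs) >= new_pair_threshold:  # anomaly: internal sweep / lateral movement
            alerts.append(("anomaly", host, f"{len(pairs)} internal destinations outside baseline"))
    return alerts


def similar_hosts(baseline, host, min_jaccard=0.5):
    """Other hosts whose baseline access profile overlaps the given host's (Jaccard similarity)."""
    mine = baseline.get(host, set())
    out = []
    for other, theirs in baseline.items():
        if other == host or not (mine | theirs):
            continue
        j = len(mine & theirs) / len(mine | theirs)
        if j >= min_jaccard:
            out.append((other, round(j, 2)))
    return sorted(out, key=lambda t: -t[1])


def run():
    """Alerts for the observed window, plus the at-risk peers of every alerted host."""
    baseline = build_baseline(BASELINE_FLOWS)
    alerts = detect(OBSERVED_FLOWS, baseline)
    at_risk = {host: similar_hosts(baseline, host) for _, host, _ in alerts}
    return alerts, at_risk


if __name__ == "__main__":
    alerts, at_risk = run()
    for a in alerts:
        print("ALERT", *a)
    for host, peers in at_risk.items():
        print("at-risk peers of", host, "->", peers)
```

Running the block flags 10.1.0.11 twice (once on the feed match, once on the sweep of four destinations it never used before) and names 10.1.0.12 as the peer with the same access profile, which is the "imminent danger" list the paragraph describes. Note that 10.3.0.40's SSH to 10.2.0.21 raises nothing: it is in that host's own baseline, which is the point of profiling per source rather than per port.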
To develop an actionable Detection Controls pillar, customers must:
- Deploy detective controls from Layer 4 through Layer 7 to protect applications, not just the network edge
- Understand how an IDS differs from firewall protections
- Have a thorough understanding of all monitoring and logging performed by the detection systems already in place
In the next post we will discuss the third pillar, Network Security.
Rich is Director of Public Cloud Product Marketing at Barracuda. He joined the team through the acquisition of C2C Systems in 2014. Rich is one of Barracuda's public cloud experts: he works directly with the cloud ecosystems and has been quoted in Microsoft e-books on public cloud security. He also writes frequently for Barracuda's own cloud blogs. For our cloud initiatives he helps develop strategy and carry it out with our partners and sales teams.
You can email Rich at email@example.com.