What are the main advantages of security services managed and delivered from the cloud, and how do you choose the right MSSP? In a multi-cloud or cross-cloud environment, the ideal approach is to manage the security tools, and the policies defined within them, centrally across every public and private cloud the company uses. There is no guarantee, however, that a given tool works well, or at all, inside a third-party cloud infrastructure.
It is therefore important to choose tools and criteria that meet all internal security standards and offer the flexibility to work consistently on any cloud infrastructure. Every tool and process should be mapped, analyzed and reviewed to establish which will adapt quickly to the new infrastructure and which will have to be modified or abandoned in favor of something that works on every infrastructure managed in the multi-cloud. Throughout, visibility across the multi-cloud environment must be a fundamental part of a secure architecture, and ideally that visibility extends down to the network layer. Several centrally manageable tools are available to provide it.
Next-generation SIEMs (Security Information and Event Management) integrate technologies such as User and Entity Behavior Analytics (UEBA) and Security Orchestration, Automation and Response (SOAR). Using heuristics that weigh the probability of different kinds of attack, such as zero-day exploits, DDoS and brute force, a so-called SIEM 4.0 builds a baseline of normal activity, performs pattern matching against it, and aggregates logs to trigger deeper analytical processing.
The system also intercepts and quickly locates anomalous activity on the network and, in line with the security policies the organization has defined, determines which actions should be taken and which should not. SIEM tools, however, depend heavily on log data, and the granularity of that data varies from one cloud service provider to the next. The visibility a SIEM delivers across clouds may therefore be less complete than one might expect.
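The following is an added example, not code from the article, showing the two SIEM ideas above in miniature: log aggregation against a per-source baseline to detect a brute-force pattern, and the granularity problem, because one of the two hypothetical cloud providers logs no user name. All log lines, IP addresses, user names, provider formats and baseline figures are constructed for the example.

```python
"""Added example (not from the article): a miniature SIEM pipeline.

Authentication logs from two hypothetical cloud providers with different
granularity are normalised into one schema, failed logins are aggregated
per source and time window, and a brute-force finding is raised when a
source exceeds both a hard threshold and a multiple of its historical
baseline. Every log line and address here is constructed."""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample. Provider A emits structured JSON with source IP and
# user; provider B emits syslog-style text with no user field at all.
PROVIDER_A_LOGS = [
    json.dumps({"eventTime": f"2024-05-01T10:0{i // 6}:{(i % 6) * 10:02d}Z",
                "sourceIp": "203.0.113.5",
                "user": ["alice", "bob", "carol"][i % 3],
                "result": "failure"})
    for i in range(12)                      # 12 failures in under two minutes
] + [
    json.dumps({"eventTime": "2024-05-01T10:02:05Z", "sourceIp": "198.51.100.7",
                "user": "dave", "result": "success"}),
    json.dumps({"eventTime": "2024-05-01T10:03:40Z", "sourceIp": "198.51.100.7",
                "user": "dave", "result": "failure"}),
]
PROVIDER_B_LOGS = [
    "2024-05-01T10:01:15Z auth: FAIL from 203.0.113.5",
    "2024-05-01T10:01:45Z auth: FAIL from 203.0.113.5",
    "2024-05-01T10:02:30Z auth: FAIL from 203.0.113.5",
    "2024-05-01T10:02:50Z auth: OK from 192.0.2.9",
    "2024-05-01T10:04:10Z auth: FAIL from 192.0.2.9",
]
# Constructed baseline: mean failed logins per 5-minute window seen for a
# source during a learning period; unknown sources default to 0.
BASELINE_FAILS = {"203.0.113.5": 1.0, "198.51.100.7": 2.0}

SYSLOG_RE = re.compile(
    r"(?P<ts>\S+) auth: (?P<outcome>FAIL|OK) from (?P<src>\d+\.\d+\.\d+\.\d+)$")


def parse_ts(ts):
    """ISO-8601 UTC timestamp ('...Z') to integer epoch seconds."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def normalise(provider, line):
    """Map one raw log line onto the common schema, or None if unparseable."""
    if provider == "A":
        rec = json.loads(line)
        return {"ts": parse_ts(rec["eventTime"]), "src": rec["sourceIp"],
                "user": rec.get("user"), "failed": rec["result"] != "success"}
    if provider == "B":
        m = SYSLOG_RE.match(line)
        if not m:
            return None
        return {"ts": parse_ts(m["ts"]), "src": m["src"],
                "user": None, "failed": m["outcome"] == "FAIL"}   # no user in B
    raise ValueError(f"unknown provider {provider!r}")


def detect_brute_force(events, baseline, window_s=300, min_fails=10, factor=5):
    """Aggregate failed logins per (source, window) and compare with baseline."""
    buckets = defaultdict(list)
    for ev in events:
        if ev["failed"]:
            buckets[(ev["src"], ev["ts"] // window_s * window_s)].append(ev)
    findings = []
    for (src, window), fails in sorted(buckets.items()):
        count = len(fails)
        expected = baseline.get(src, 0.0)
        if count < max(min_fails, factor * expected):
            continue
        with_user = sum(1 for f in fails if f["user"])
        findings.append({
            "src": src, "window_start": window, "failed_logins": count,
            "baseline_per_window": expected,
            "targeted_users": sorted({f["user"] for f in fails if f["user"]}),
            # Provider B events carry no user, so per-user attribution is only
            # as good as the share of events that name one.
            "user_coverage": round(with_user / count, 2),
        })
    return findings


def run_example():
    """Normalise both providers' logs and run detection over the merged stream."""
    events = [normalise("A", line) for line in PROVIDER_A_LOGS]
    events += [e for e in (normalise("B", line) for line in PROVIDER_B_LOGS) if e]
    return detect_brute_force(events, BASELINE_FAILS)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

Run on its own, the script reports one finding for 203.0.113.5 with 15 failed logins in the window and a user coverage of 0.8; fed provider B's logs alone, the same source shows only three failures and nothing fires, which is the granularity caveat in practice: what the SIEM can see depends on what each provider chooses to log.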
The NDR Tools
An emerging field in IT security, Network Detection and Response (NDR), may prove better suited to providing visibility across hybrid and multi-cloud networks. As on a corporate network, NDR monitors traffic by collecting network telemetry from multiple locations, including private and public clouds. The data comes from NetFlow, deep packet inspection and other telemetry taken from the traffic stream. It is then sent to an analytics engine that decodes and aggregates it to determine which devices are on the network and who they are talking to. Once that processing is complete, traffic baselines are created.
Traffic is then analyzed from a security perspective to identify anomalous traffic patterns, indicators of degraded performance, and matches with known and unknown threats. For multi-cloud visibility, an NDR platform can be deployed in IaaS clouds to build a network visibility map automatically, identifying every network component and connected server or device and showing the interactions between machines. This is precisely the level of detail security administrators look for, with the added benefit of a single platform that monitors all on-premises and public cloud resources in one place.
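The following is an added example, not code from the article or from any NDR vendor, that walks through the pipeline just described on constructed data: flow tuples of the kind derived from NetFlow are aggregated into a talker map, the map is rendered as a visibility map of who talks to whom, a baseline is taken from the first days, and a later day is checked for new peers, volume spikes and a match against a threat indicator. The hosts, addresses, byte counts and the indicator list are all made up for the example.

```python
"""Added example (not from the article): a minimal NDR-style flow analyser.

Flow records are constructed to resemble NetFlow-derived tuples exported
from a private-cloud segment and a public-cloud VPC. The baseline period
builds a talker map; the observed period is checked against it."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Flow:
    day: int        # observation day: baseline days 1-3, observed day 4
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int
    site: str       # which cloud exported the record


# Constructed hosts: a private-cloud web tier, database and backup host, a
# public-cloud application VM, a SaaS API, and one constructed bad address.
WEB, DB, BACKUP = "10.0.1.10", "10.0.2.20", "10.0.2.30"
APP_VM, SAAS_API = "10.100.0.5", "203.0.113.10"
KNOWN_BAD = {"198.51.100.66"}   # constructed threat indicator, not a real IOC


def _flows(day, src, dst, dport, proto, site, sizes):
    return [Flow(day, src, dst, dport, proto, b, site) for b in sizes]


BASELINE_FLOWS = []
for _day in (1, 2, 3):
    BASELINE_FLOWS += _flows(_day, WEB, DB, 5432, "tcp", "private", [700_000, 650_000, 720_000])
    BASELINE_FLOWS += _flows(_day, APP_VM, DB, 5432, "tcp", "public", [800_000, 750_000])
    BASELINE_FLOWS += _flows(_day, WEB, SAAS_API, 443, "tcp", "private", [300_000, 200_000])
    BASELINE_FLOWS += _flows(_day, DB, BACKUP, 22, "tcp", "private", [50_000_000])

OBSERVED_FLOWS = (
    _flows(4, WEB, DB, 5432, "tcp", "private", [15_000_000, 30_000_000])     # ~20x baseline
    + _flows(4, APP_VM, DB, 5432, "tcp", "public", [790_000])
    + _flows(4, WEB, SAAS_API, 443, "tcp", "private", [250_000])
    + _flows(4, DB, BACKUP, 22, "tcp", "private", [49_000_000])
    + _flows(4, DB, "203.0.113.77", 443, "tcp", "private", [80_000_000])     # DB to unknown host
    + _flows(4, APP_VM, "198.51.100.66", 8443, "tcp", "public", [12_000])    # indicator match
    + _flows(4, APP_VM, BACKUP, 22, "tcp", "public", [3_000])                # new pair, known hosts
)


def build_talker_map(flows):
    """{(src, dst, dport, proto): {day: total bytes}} aggregated from raw flows."""
    talkers = defaultdict(lambda: defaultdict(int))
    for f in flows:
        talkers[(f.src, f.dst, f.dport, f.proto)][f.day] += f.nbytes
    return talkers


def visibility_map(flows):
    """Host -> sorted list of (peer, 'port/proto') it initiates traffic to."""
    adj = defaultdict(set)
    for (src, dst, dport, proto) in build_talker_map(flows):
        adj[src].add((dst, f"{dport}/{proto}"))
    return {host: sorted(peers) for host, peers in adj.items()}


def analyse(baseline_flows, observed_flows, spike_factor=10, min_bytes=1_000_000,
            indicators=KNOWN_BAD):
    """Compare one observation period against the baseline talker map.

    Returns sorted (kind, (src, dst, dport, proto), total_bytes) findings."""
    base = build_talker_map(baseline_flows)
    known_hosts = {f.src for f in baseline_flows} | {f.dst for f in baseline_flows}
    findings = []
    for key, per_day in build_talker_map(observed_flows).items():
        src, dst, dport, proto = key
        total = sum(per_day.values())
        if src in indicators or dst in indicators:
            findings.append(("known_threat", key, total))          # known threat
        elif key not in base:
            kind = "new_peer" if dst in known_hosts else "new_peer_unknown_host"
            findings.append((kind, key, total))                    # unknown pattern
        else:
            expected = mean(base[key].values())                    # bytes per baseline day
            if total >= min_bytes and total >= spike_factor * expected:
                findings.append(("volume_spike", key, total))      # anomaly vs baseline
    return sorted(findings)


if __name__ == "__main__":
    for host, peers in visibility_map(BASELINE_FLOWS).items():
        print(host, "->", peers)
    for finding in analyse(BASELINE_FLOWS, OBSERVED_FLOWS):
        print(finding)
```

Because the flow tuples carry a `site` field, the same code covers the private segment and the public VPC in one map, which is the single-platform view the passage describes. The thresholds (`spike_factor`, `min_bytes`) are illustrative; a real deployment tunes them per pair and adds time-of-day awareness so that a legitimate nightly backup does not trip the spike rule.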
How And Why To Rely On A Managed Security Service Provider (MSSP)
From the initial goal of remote monitoring and management of servers and networks, the mission of MSSPs has progressively expanded over the years to keep pace with technology. Today Managed Security Service Providers also take charge of physical and virtual infrastructure and of cloud and multi-cloud services, and oversee compliance, which with the GDPR now imposes additional requirements on how data is managed and secured.
From the design of complex systems to data protection, from cyber security to business continuity and disaster recovery, the MSSP stands beside the customer, protecting data, information and business processes. As a vendor-independent provider, it offers, integrates and administers leading technologies from the major brands on cloud, hybrid and on-premises infrastructure, either managing the solution directly in a full outsourcing model or delivering to the customer a solution built to its specific needs, effectively, flexibly and with a high degree of customization.
How Do You Choose Suppliers?
Once a company has decided to adopt a cloud solution rather than an on-premises one, it must select the service, solution and supplier that best covers its needs. The main aspects to evaluate are the following.
Compliance
The first step is to probe the provider's ability to meet the requirements of laws, regulations and the corporate reference standards. Beyond compliance with privacy regulations (for example, the GDPR), the following must be understood: the geographical location of the data centers and therefore of the data, any insurance coverage in the event of a data breach, and the provider's willingness to provide evidence of compliance with standards and regulations.
Business Continuity & Disaster Recovery
It is essential to test the provider's ability to guarantee the continuity of the services offered and the availability of procedures and data. All technical measures (facilities, systems, networks, backups and so on, up to the availability of disaster recovery sites) must be inspected to ensure they cover crisis scenarios of different nature and scope, from a limited failure to an extended disaster, whether caused by natural events, deliberate actions or errors.
Infrastructure & Network Security
This category includes physical and environmental security measures (from physical access control to fire and flood protection), network security (segmentation, perimeter security, secure remote access, IDS/IPS and so on), and the virtualization architecture (for example, multi-tenancy controls that segregate the data of different customers).
Identity & Access Management
This category includes measures for controlling logical access to systems, equipment, services and applications, both by the provider's staff for management purposes and by the customer's users to reach services and data. It covers user and password management, strong authentication, and the ability to integrate with the customer's own identity management systems.
Data Security
This category evaluates the provider's ability to protect customer data from unauthorized access and modification. It covers encryption of data at rest and in transit (for example, to and from customer systems), the procedures for managing cryptographic keys (key management), backup and restore solutions and procedures, and the handling and return of data when the contract ends.
Host, Middleware & Application Security
This category includes the assessment of server (host) security measures, such as antivirus, hardening and patching; of middleware (API security, database security); and of applications (adoption of secure development best practices, web application firewalls, code inspection and so on).
Operation & Monitoring
This category includes the assessment of patch management procedures, vulnerability assessments, log collection and monitoring, and the tools and techniques for managing and notifying security incidents.