Alert Logic‘s Rahul Bakshi, Sr. Dr. of Product, came by to present Cloud Insight and to discuss security issues found in cloud computing environments, such as Amazon’s AWS.
The challenge Bakshi pointed out is that the security tools many organizations are using were never designed for the agile, rapidly changing world of cloud computing. Servers, storage and applications are all virtual and may move from system to system, from data center to data center, and even might move from the organization’s own data center to that of one or more cloud services provider.
These tools often weren’t designed to deal with the rapidly advancing security threats being seen today. The National Vulnerability Database maintained by the National Institute of Standards, indicated that the number of known vulnerabilities in 2004 was 2,450. By 2015, that number was up to 11,000.
Alert Logic would pose that the best approach today would be to have a cloud service probe an organizations running computing environment regularly and then report on the problems that were found. This cloud service would be kept up to date with known issues and could find places in which the organization had not kept their systems up to date. This service should check AWS account security, network configuration, and service configuration.
Alert Logic’s Cloud Insight Cloud Insight offers the following capabilities:
- Asset Discovery – Instances & Services
- Vulnerability Assessment
- Configuration Auditing against industry best practices
- Auditing of AWS configuration against Amazon best practices
The goal is maintaining a constant state of vigilance against threats.
Alert Logic isn’t the only supplier of security technology to notice that traditional security products may not address all of the issues imposed by using cloud services. Nearly every security provider I’ve spoken to also highlights this issue and claims to be uniquely qualified to address it.
Alert Logic’s approach of detecting issues, identifying them, analyzing the extent and type of threat found and then taking steps to remediate them appears to be pragmatic and makes a great deal of sense. The company claims to check over 70,000 different configuration and vulnerability issues each time it scans the environment.
If cloud security is your concern, it might be wise to schedule a conversation with Alert Logic to learn how their technology might save your organization a lot of problems.