Why New Cloud Security Challenges Require Identity-Centric Security
In the 2016 Cloud Security Research Report, Crowd Research Partners revealed that 91% of organizations have security concerns when it comes to adopting public cloud. However, only 14% believe that existing network security tools are capable of truly protecting the public cloud.
The reality is, just as organizations were getting comfortable with their security solutions sitting on the edge of the network, the network perimeter has dissolved. Now users are accessing SaaS applications directly from mobile devices, bypassing network-centric tools. It’s not just SaaS applications either; more and more companies are lifting and shifting workloads to the cloud running in IaaS environments.
To make matters worse, good security resources are scarce. Budgets are shrinking, and even if you can find the money, an Economist Intelligence Study indicates that 66% of cybersecurity job openings cannot be filled by skilled candidates. All this while the sophistication of threats is growing.
Today’s attacks have increased in sophistication. Zero-day exploits are expanding on a scale unseen before, straining researchers’ ability to identify and prevent them with signature-based techniques. This makes anomaly detection the only way to spot the needle in the haystack. Today’s threats leverage multiple vectors and break the attack sequence into smaller, harder-to-identify chunks that are re-packaged and executed, which makes sequence awareness of the attack chain critical. The attack focus is now targeted, whereas it used to be indiscriminate, so user awareness and attribution are invaluable in detection. Early detection is the key to containment, because today’s attacks no longer last just hours: they are persistent, probing networks, applications, and services for days, weeks, or months.
With all these challenges, our old network-centric tools are being asked to secure data and assets in ways they were never built for. It is identity that brings these disparate worlds together. Identity context, combined with new technologies such as machine learning, big data, and advanced analytics, lets a security professional centralize and normalize user activity, then correlate and analyze those user events against cloud application, device, and network events to identify anomalous and potentially risky behavior in near real time. The outcome is preventative action that defends against current and future attacks across all affected planes.
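To make the correlation described above concrete, here is an added illustration (not Oracle’s code or any product’s logic) that joins events from a SaaS audit log, device telemetry, and a network log on a shared identity, then flags a sequence of repeated failed logins, a successful login, and follow-on device or data-movement activity within a short window. All event data, field names, and the identity mapping are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; each source names the user and fields differently.
CLOUD_APP_EVENTS = [  # SaaS application audit log
    {"time": "2016-11-01T09:00:00", "user_email": "alice@example.com", "event": "login_failed"},
    {"time": "2016-11-01T09:00:20", "user_email": "alice@example.com", "event": "login_failed"},
    {"time": "2016-11-01T09:00:40", "user_email": "alice@example.com", "event": "login_failed"},
    {"time": "2016-11-01T09:01:00", "user_email": "alice@example.com", "event": "login_ok"},
    {"time": "2016-11-01T09:03:00", "user_email": "alice@example.com", "event": "bulk_download"},
    {"time": "2016-11-01T10:00:00", "user_email": "bob@example.com", "event": "login_ok"},
]
DEVICE_EVENTS = [  # endpoint / MDM telemetry
    {"when": "2016-11-01T09:01:10", "principal": "ALICE", "kind": "new_device_enrolled"},
]
NETWORK_EVENTS = [  # proxy / firewall log
    {"ts": "2016-11-01T09:02:30", "account": "alice", "type": "egress_spike"},
]
# Constructed identity map: the join key that ties the three sources together.
IDENTITY_MAP = {"alice@example.com": "alice", "ALICE": "alice", "alice": "alice",
                "bob@example.com": "bob"}
FOLLOW_ON = {"new_device_enrolled", "bulk_download", "egress_spike"}

def normalize(events, time_key, user_key, action_key, source):
    """Map one source's schema onto a common (timestamp, identity, source, action) tuple."""
    return [(datetime.fromisoformat(e[time_key]), IDENTITY_MAP[e[user_key]], source, e[action_key])
            for e in events]

def correlate(window=timedelta(minutes=5), fail_threshold=3):
    """Return {identity: [follow-on events]} for identities whose merged timeline shows
    >= fail_threshold failed logins, then a successful login, then follow-on activity
    from any source within `window` of that login."""
    timeline = defaultdict(list)
    for ev in (normalize(CLOUD_APP_EVENTS, "time", "user_email", "event", "cloud")
               + normalize(DEVICE_EVENTS, "when", "principal", "kind", "device")
               + normalize(NETWORK_EVENTS, "ts", "account", "type", "network")):
        timeline[ev[1]].append(ev)
    alerts = {}
    for identity, events in timeline.items():
        events.sort()  # one chronological timeline per identity, across all sources
        fails = 0
        for i, (ts, _, _, action) in enumerate(events):
            if action == "login_failed":
                fails += 1
                continue
            if action == "login_ok" and fails >= fail_threshold:
                follow = [f"{s}:{a}" for t, _, s, a in events[i + 1:]
                          if t - ts <= window and a in FOLLOW_ON]
                if follow:
                    alerts[identity] = follow
            fails = 0  # any non-failure event ends the failed-login run
    return alerts
```

Because the join happens on identity rather than on IP address or host, the device enrollment and the egress spike land on the same timeline as the SaaS logins even though each source records the user differently.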
Modern Security’s Four-Stage Detection and Response Paradigm
Historical security measures are reactive and focused on protecting the front door to applications and data. These controls are absolutely important and required for a defense-in-depth model, but alone they are not sufficient against today’s threats. The demand for preventative, lean-forward security technologies is growing. Organizations have been diligent about putting the “locks and cameras” on their environments, but they lack the ability to correlate multiple penetration attempts, look for patterns and root cause, and predict the next phase of the attack sequence. Security professionals are starting to accept today’s reality: it is not a matter of IF you will be attacked, but HOW frequently and WHAT data (if any) was compromised. This is the driver behind faster detection and response with complete audit and analysis of the event sequence.
What’s needed is a full-cycle controls environment that combines preventive and detective solutions. Leading organizations are recognizing the need for a four-stage model: Discover, Secure, Monitor and Respond.
Discover: To improve, you must measure, and have visibility into which services are being used, how, and by whom. This includes visibility into both sanctioned and unsanctioned activity, including Shadow IT.
Secure: We still need all the preventive controls with proactive application and content security to ensure sensitive data is protected. We still need to authenticate and give authorization to users and applications, as well as protect data with strong application encryption to keep it safe.
Monitor: Those preventive controls are not enough on their own. We must continuously monitor the environment to detect threats and identify anomalous activity as it occurs.
Respond: Automated response is necessary to augment already stretched security teams. Organizations don’t have the resources to detect issues and then hand each one to a forensic professional to research and ultimately come up with a manual response plan per threat.
Oracle Delivers the World’s First Identity SOC
Oracle has recognized this shift in the security landscape and in our customers’ needs. Not only do we need to protect our own cloud, but our customers are looking for modern techniques to help them provide consistent security controls across cloud and on-prem environments. A 2016 RightScale study found that enterprises plan to use an average of three cloud services to run their workloads. More than ever, coordinated security management is needed.
Oracle is making a big investment in the world’s first Identity SOC, with three new security cloud services that integrate several technologies into a homogeneous set of services. The integrated technologies include Security Information and Event Management (SIEM), User and Entity Behavior Analytics (UEBA), Identity Management (IDM), and Cloud Access Security Broker (CASB). Each of these new services integrates with the rest of your security fabric, but joined together they offer the full benefit of a true Identity SOC with bi-directional controls and actionable intelligence.
To learn more about the Oracle Identity SOC, download the solution brief here.