One Article Review

Source: AlienVault Blog
Identifier: 1892094
Publication date: 2020-09-01 05:01:00 (seen: 2020-09-01 09:05:29)
Title: Cloud-based SIEM explained
Text: This blog was written by a third-party author.

Security information and event management (SIEM) solutions offer businesses the ability to collect, store, and analyze security information from across their organization and alert IT admins/security teams to potential attacks. In today’s complex digital environments, SIEMs allow IT teams to detect and respond more effectively to a wide range of threats across broad networks. However, with businesses moving more and more workloads and workflows to the cloud, their security defenses need to move with them.

What is a cloud-based SIEM?

Cloud-based SIEM (also referred to as SIEM-as-a-Service) takes SIEM to the next level, providing IT teams with greater convenience, flexibility, and power when managing threats across multiple environments – both on-premises and in the cloud. This is particularly important at a time when both the workforce and critical workloads are no longer within the four walls of the organization. Cloud-based SIEM provides an effective and efficient way to constantly monitor all devices, servers, applications, users, and infrastructure components on your network, all from one central cloud-based dashboard.

From the “single pane of glass” of a cloud-based SIEM platform, you can:
- Monitor systems, applications, and workloads, whether physical or virtual, anywhere in your network, whether in your data center, in a private cloud, or across one or more public clouds
- Get real-time alerts on security incidents
- Use it as the basis for risk analysis and audits
- Consolidate and manage security and event log data
- Automate compliance reporting

How has cloud infrastructure redefined threat detection?

The ultimate goal of any SIEM platform is to improve an organization’s security posture. However, with businesses moving to the cloud, the threat landscape has changed, and with it the way we need to perform threat detection and response has also changed.
The new infrastructure and deployment models that come with cloud deployment have brought not only new security models but also new attack surfaces. One key area of change is responsibility. In on-premises deployments, companies are responsible for the entire security stack, from the physical hardware infrastructure to the data stored on it. With cloud infrastructures, however, there is a split. The shared responsibility models of AWS, Microsoft, Google and the like set out that while the cloud service provider (CSP) takes responsibility for the security and maintenance of any supporting hardware, it is the individual organization’s responsibility to secure and maintain the data on those systems. If not managed correctly, this creates a potential visibility gap in the business’ attack surface. The highly dynamic nature of cloud workloads means that systems can come and go in seconds, and confidential information can be exposed to other users or to the CSP because the organization has no control over the underlying hardware. On top of this, the introduction of multiple access and management capabilities makes it hard to manage, track, and audit administrative actions when users can access cloud resources from both inside and outside the corporate environment. All this renders traditional approaches to monitoring traffic flow ineffective, so new controls need to be applied.

Looking at things from an attacker’s perspective, cloud-based systems offer variability in administrative access models, which gives the attacker two different angles of attack. Firstly, via traditional means of accessing systems inside the enterprise network perimeter and escalating to an administrative account that has cloud resources. Secondly, the attacker can bypass all the above by compromising credentials for an administrator account that has remote administrative capabilities or CSP administrative access. Cloud-based
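The two angles described above are exactly what a centralized SIEM can correlate once on-premises directory events and CSP audit events land in one place. The following detection logic is an added example, not code from the article or from AlienVault: it assumes two already-normalized feeds (a hypothetical "onprem-ad" feed and a "csp-audit" feed), a constructed set of corporate IP ranges, and a hypothetical on-prem group "CloudAdmins" that grants cloud administrative rights, and it flags administrative actions from outside the corporate network as well as on-prem escalation that is quickly followed by cloud administrative activity.

```python
import ipaddress
from datetime import datetime, timedelta

# Corporate egress ranges (constructed for this example; not from the article).
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("203.0.113.0/24")]

# Actions treated as administrative in either environment (constructed list).
ADMIN_ACTIONS = {"group_add", "AttachRolePolicy", "CreateAccessKey", "PutUserPolicy"}
CLOUD_ADMIN_GROUP = "CloudAdmins"      # hypothetical on-prem group that grants cloud admin rights
ESCALATION_WINDOW = timedelta(hours=1)  # how soon after escalation cloud admin activity is suspicious

# Constructed, already-normalized events from two feeds: on-prem directory and CSP audit log.
EVENTS = [
    {"ts": "2020-09-01T08:00:00Z", "source": "onprem-ad", "user": "alice",
     "action": "group_add", "detail": "CloudAdmins", "src_ip": "10.1.2.3"},
    {"ts": "2020-09-01T08:05:00Z", "source": "csp-audit", "user": "alice",
     "action": "AttachRolePolicy", "detail": "AdministratorAccess", "src_ip": "10.1.2.3"},
    {"ts": "2020-09-01T09:10:00Z", "source": "csp-audit", "user": "bob",
     "action": "CreateAccessKey", "detail": "bob", "src_ip": "198.51.100.7"},
    {"ts": "2020-09-01T09:12:00Z", "source": "csp-audit", "user": "carol",
     "action": "ListBuckets", "detail": "", "src_ip": "198.51.100.9"},
]

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def is_corporate(ip):
    """True if the source address falls inside a known corporate range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORPORATE_NETS)

def find_admin_findings(events):
    """Correlate both feeds in time order; return (user, rule, action) tuples."""
    findings = []
    escalated = {}  # user -> time they were added to the cloud-admin group on-prem
    for e in sorted(events, key=lambda e: e["ts"]):
        when = parse_ts(e["ts"])
        if e["source"] == "onprem-ad" and e["action"] == "group_add" and e["detail"] == CLOUD_ADMIN_GROUP:
            escalated[e["user"]] = when
        if e["action"] not in ADMIN_ACTIONS:
            continue
        # Second angle: administrative action originating outside the corporate network.
        if not is_corporate(e["src_ip"]):
            findings.append((e["user"], "remote-admin-action", e["action"]))
        # First angle: on-prem escalation shortly followed by cloud administrative activity.
        t0 = escalated.get(e["user"])
        if e["source"] == "csp-audit" and t0 is not None and when - t0 <= ESCALATION_WINDOW:
            findings.append((e["user"], "escalation-then-cloud-admin", e["action"]))
    return findings

if __name__ == "__main__":
    for finding in find_admin_findings(EVENTS):
        print(*finding)
```

Neither rule fires on its own feed alone: the escalation rule needs the on-prem group change and the cloud action side by side, which is the visibility a single consolidated view provides.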
Sent: Yes
Tags: Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.