
The three-pronged security approach to multi-cloud environments

08 Oct 2018

The old saying is true – you can’t protect what you can’t see. In a digital world, we’re generating more data than ever and using more applications to process it. Enterprises are also juggling different IT environments – on-premise, public cloud, hybrid cloud, and private cloud.

And of course, all of those environments need to stay protected from cyber threats, completely visible to security teams, compliant and functional. The lack of visibility can be a major problem that can have profound impacts on policy management and troubleshooting.

Network security provider vArmour explains: “Standard practice for gaining visibility into network communications is to collect sampled flow data from network switches and other infrastructure components or to capture network traffic at choke points in the network and then feed that data to a central repository such as a SIEM. In fact, most security and analytics products rely on these data sources to spot potential issues and threats.”

That method doesn’t necessarily catch all traffic – intra-hypervisor, intra-VLAN, and intra-subnet traffic can all remain undetected. This is of particular concern when it comes to policy management.

“Consider an application that consists of three components - a web server, an app server, and a database,” vArmour says. “If these three components exist on the same hypervisor, then it is highly likely the only observed communications will be the requests coming in to the web server and other network system functions (DNS, NTP, etc.) and possibly traffic from security scans.

“This hardly provides enough information to understand the application and create appropriate security policies; some might argue it also reduces the chances of detecting a threat in the environment.”

A lack of threat detection is just one issue when it comes to multi-cloud environments. Every application has a different collection of policies that allow or block communications.

Those policies can be modified as application changes and overlaps occur. Those changes may not be suitable for the current environment, so audits are a necessary part of compliance. 

Policies should match the desired application behaviours and they must not negatively impact other applications or services in the environment – a difficult task when visibility is limited.

These challenges are known and recognised in the industry. Cloud-native controls and multi-cloud controls have enabled CISOs to gain more security and more visibility from their platforms.

“Most cloud platforms today provide some level of security policy control as a native feature. These cloud-native controls provide excellent integrations with their respective cloud platform and orchestration systems, though they are often lacking in the more advanced functionality provided by standalone products,” vArmour says.

Security vendors also understand that enterprises are dealing with multiple IT infrastructures and how that affects security teams. Some security products can run on multiple platforms, while others can use either the controls provided natively by the platform itself or other components or products already running in the environment.

These capabilities greatly simplify (and standardise) the work performed by security teams attempting to secure the infrastructures that are continually shifting and evolving.

So in order to protect your enterprise applications and reduce your attack surface, you need a solution that can provide visibility into all of your environments (on-premise, public cloud, containers), compute policies, and then enforce those policies across all of those environments.

Katana Technologies is vArmour's sole distributor in New Zealand. Katana's managing director Steve Rielly says the vArmour team are true visionaries.

"They reimagine security to ensure customers are able to have a dynamic business without suffering the pitfalls of vendor lock-in with expensive, timely and completely unnecessary legacy infrastructure upgrades. Initial conversations have already put a halt to large switch and firewall orders as organisations realise there is a far better way."

"It's going to be an interesting conversation for providers to justify such high costs for perimeter firewalls and software defined network implementations and upgrades, when they see the simplicity and inexpensive value proposition from vArmour partners," Rielly notes.

vArmour takes a three-pronged approach to multi-cloud environments: Auto-discovery, policy computation, and enforcement.

Auto-discovery is able to capture real-world application communication patterns across different environments and infrastructures. vArmour Policy Architect is able to do that and more: it can discover workload types, application structures and dependencies to help create accurate policies. Data can also be used for network troubleshooting, incident response, and compliance monitoring.

Policy computation takes into account the different scenarios an environment operates in, from day-to-day network operations to verifying that network security which meets compliance requirements is fully operational.

At a high level, vArmour’s policy automation solution relies on the metadata associated with workloads (or services) to determine whether or not to apply any of the policies to the workloads/services. The metadata can be domain-specific—ranging from VM tags and attributes in VMware ESXi environments to Endpoint Groups (EPGs) in Cisco Application Centric Infrastructure (ACI) environments. 

Finally, enforcement can be a tricky task, particularly as organisations grow and evolve. Deploying candidate rules to production without accidentally impacting other services or applications can be a nerve-wracking task and accounts for a significant portion of policy management lifecycles.

vArmour Policy Architect enables security teams to protect applications regardless of how they’re hosted, their size, or their complexity. It also protects against unintended policy consequences, and it can enable out-of-band policy validation using real production data.
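The discover, compute and validate loop described above, as an added example that is neither vArmour's code nor taken from this article: constructed workload tags and observed flows for the three-tier application mentioned earlier, a function that derives tag-keyed allow rules from the flows, and an out-of-band check that replays the observed flows against a candidate rule set to list what it would block before anything is enforced. All workload names, tags and ports are assumptions.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port")

# Constructed workload metadata, standing in for VM tags or EPG membership (hypothetical names).
WORKLOADS = {
    "web-1": {"app": "shop", "tier": "web"},
    "app-1": {"app": "shop", "tier": "app"},
    "db-1": {"app": "shop", "tier": "db"},
    "ntp-1": {"app": "infra", "tier": "ntp"},
}

# Constructed flows as auto-discovery records them, including the intra-hypervisor hops
# that a choke-point capture never sees.
OBSERVED = [
    Flow("web-1", "app-1", 8080),
    Flow("app-1", "db-1", 5432),
    Flow("web-1", "ntp-1", 123),
    Flow("app-1", "ntp-1", 123),
    Flow("web-1", "db-1", 5432),  # web bypassing the app tier: not in the intended design
]

# Candidate rules written from the intended application model:
# (source selector, destination selector, port), where selectors are tag subsets.
CANDIDATE = [
    ({"app": "shop", "tier": "web"}, {"app": "shop", "tier": "app"}, 8080),
    ({"app": "shop", "tier": "app"}, {"app": "shop", "tier": "db"}, 5432),
    ({"app": "shop"}, {"tier": "ntp"}, 123),
]

def matches(selector, tags):
    """A selector matches a workload when every tag in it is present with the same value."""
    return all(tags.get(k) == v for k, v in selector.items())

def compute_policy(flows, workloads):
    """Policy computation: collapse observed flows into (app, tier)-keyed allow rules."""
    rules = {}
    for f in flows:
        s, d = workloads[f.src], workloads[f.dst]
        key = (s["app"], s["tier"], d["app"], d["tier"], f.port)
        rules[key] = ({"app": s["app"], "tier": s["tier"]},
                      {"app": d["app"], "tier": d["tier"]}, f.port)
    return list(rules.values())

def validate(rules, flows, workloads):
    """Out-of-band validation: return every observed flow the candidate rules would block."""
    return [f for f in flows
            if not any(matches(src, workloads[f.src]) and matches(dst, workloads[f.dst])
                       and port == f.port for src, dst, port in rules)]
```

A policy derived purely from observed flows passes its own validation by construction, so the suspicious web-to-database flow only surfaces when a hand-written candidate is replayed; discovered flows still need review before they become rules.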

Analysts at the Enterprise Strategy Group put vArmour to the test; register free to learn more about what they found in this on-demand webinar.
