Cisco Cloud Security Architecture: Un-Cloaking Invisible Threats
In the more than ten years, I have worked in developing security solutions, I have witnessed the steady evolution of security threats and the incredible strides made to combat them. Recent high profile security breaches have shown that a breach in security can have serious consequences.. It can lead to loss or destruction of business assets, bad publicity and its associated effect on a company’s brand, hefty regulatory fines, disruption of services and costs associated with numerous lawsuits. The main task of a hacker is to access business assets through the network without being detected. The threats are normally cloaked within ubiquitous traffic flows such as web or email. Whatever the nature of a threat, an attack leaves signatures behind that can be used to “un-cloak” the threat. Threat defense and visibility is the watchword.
It has been exhausting to many of us, to be constantly engaged in the never ending cat and mouse game we play to manage and detect cyber threats. When it comes to securing private and public clouds, a new generation of security architecture is needed to help us protect business assets. Here at Cisco, we have worked with large enterprises, service providers and security experts to develop a threat-focused, next generation security architecture that stops and detects invisible threats to business assets. We have recently introduced a next generation Cisco Security Cloud Architecture that can help you secure your cloud environment and mitigate security threats.
In addition to the traditional network and firewall appliances, this architecture leverages products such as firePOWER next generation IPS, Cisco Cyber Threat Defense Solution, and Splunk Security Information & Event Monitoring system. This architecture is designed to:
1) Detect network reconnaissance, including network probing to identify attack vectors
2) Block known threats that are potentially part of a larger coordinated attack
3) Detect bots and block Command and Control (CnC) traffic between the attacker and compromised internal hosts
4) Identify potential loss and theft of valuable data assets
5) Track and remediate internal malware propagation aimed at gathering information and disrupting operations
6) Provide threat defense in the network interior, where the most elusive and dangerous threats target and detect threats closer to the source to minimize damage and propagation
You may ask, how does this architecture do what it does. Cisco’s Cloud Security Architecture uses signature-based detection methods to detect and stop threats and various intrusion events. The architecture uses the following elements to identify suspicious traffic and provide visibility into evasive and dangerous threats.
- NetFlow analysis—Leveraging Cisco’s Netflow feature exported by network and security appliances, to Identify suspicious network traffic patterns within the network interior
- File analysis—Performs reputation scoring and dynamic analysis of files traversing the network
- Behavior-based Algorithms- Do detect patterns and signatures associated with known threats
- Deep-packet inspection—Identifies exploits cloaked within unsuspecting traffic flows, that can lead to system compromise
- Log analysis—Uncovers stealthy activity that may be spread across days, weeks, or months
- Real-time threat Monitoring- Specially tailored reporting dashboards for tracking network reconnaissance, internal malware propagation, command-and-control traffic, intrusion events and data exfiltration.
A Secure Cloud Architecture that Alleviates Your Most Nagging Pain Points
As results of numerous surveys of IT professionals suggest, concerns about cloud security continue to make organizations wary of adopting cloud-based services. Alleviation of these concerns, by cloud service providers can lead to greater trust in cloud and higher adoption of cloud services. We have worked with service providers and large enterprises and identified the top five concerns which are addressed in our Secure Cloud Architecture.
1) Delivering security guarantees to cloud users- Consumers of cloud services are more likely to use cloud services if some kind of security guarantee is provided.
2) Lack of effective data separation. Cloud by its nature is a shared environment, where a customer’s data is shared alongside data from other customers.
3) Conforming to various regulatory compliance standards- Cloud consumers in various business verticals, such as healthcare and the Federal space require that the cloud service providers be in compliance with regulatory standards such as PCI, FISMA and HIPAA.
4) Providing real-time end-to-end visibility, threat mitigation and remediation on a per-tenant basis. Complete end-to-end visibility and real-time threat mitigation is essential to ensure a secure cloud environment. This provides different consumers or cloud tenants visibility and granularity to set their own security policy based on their needs.
5) Developing forensic tools for investigation of illegal activity. Investigating inappropriate activity are especially difficult to investigate in a cloud environment. Consumers are more likely to adopt cloud services, if they can get contractual commitment from cloud service providers to offer specific forms of investigative tools.
A Proven Secure Architecture, Built on the Most Widely Deployed Cloud Infrastructure
We addressed each of these elements as we designed, built, and validated our new Cloud Security solution. Our Cloud Security solution is built upon Cisco’s cloud foundation, the Virtual Multi-service Data Center (VMDC) that’s been deployed at hundreds of the world’s top enterprises and service providers.
A Secure Cloud Architecture that Meets Your Unique Business Needs
Every organization or service provider has its own unique business requirements. Large organizations may deploy a private cloud, and provide cloud services to various business entities within the organization. Some service providers may adopt a tiered approach, where they can sell security as a service-providing high-end customers with more extensive security capabilities and providing other customers with only a subset of security capabilities reserved for high-end consumers.
Cisco’s Secure Cloud Architecture is a based on reference architecture that can support a variety of customer requirements, business drivers and organizational structures. It is a Cisco Validated Design, that provides design recommendations, scaling, and best practices to help you quickly implement secure cloud services.
For More Info:
We encourage you to follow my blog series and check out our Secure Cloud Solution.
Tweet us at @CiscoSP360 for questions or comments. We would love to hear from you!