Written by Sean Colicchio, Cybersecurity Technical Practice Leader at Converge Technology Solutions
The race to the cloud was already happening at a pretty quick pace. Then, 2020 happened and migrations moved from just having a quick pace to being full out sprints. It’s no secret that the public clouds provide incredible scale and value for any organization looking to gain efficiencies. Enterprises can free themselves of costly CapEx costs and take on far more reasonable Opex ones instead. Capital One reported that they originally planned to abandon their data centers for the public cloud by 2020. However, Capital One learned that managing and securing the cloud isn’t so simple.
One cloud is hard enough
While a cloud provider is responsible for securing the outside of the cloud, the customer is still responsible for the configuration of the inside. One misconfiguration can be catastrophic, as Capital One learned in 2019, when it was breached, exposing the data of 100 million people. Capital One’s data was stored in AWS’ Simple Storage Service (S3). While Amazon’s defenses were working fine, the data was stolen as a result of a misconfigured firewall protecting one application.
Enterprises aren’t stopping at just one
Not all clouds are created equal. Some are better suited for computing power. Others for their analytics capabilities. According to IBM research, 85% of organizations are using multi-cloud environments for the optimization of storage and computing capabilities. By 2021, that number is expected to reach 98%. Managing and securing a single cloud is hard enough, but doing so for multiple clouds, now therein lies a challenge.
Enterprises certainly know this. IBM research has also shown that while an enormous percentage of organizations have adopted multi-cloud models, an even greater percentage has yet to migrate critical workloads to the cloud. This is significant and highlights the importance of security in the migration process and presents organizations with a few choices. They can do it alone and hope to not follow in the footsteps of a Capital One, or they can select a trusted partner with the expertise and horsepower to guide them on their journey.
The first step: detection
The first step to securing any environment, let alone the compounded complexities of multiple clouds, is knowing exactly what is going on everywhere. Whether it’s on-premises or in a container, you must have visibility into what is happening and if anything is anomalous. IBM research shows that a breach can take as many as 197 days to be detected. Companies that take too long to disclose a breach can also face heavy fines.
To combat this, the first step is implementing a robust security information and event management (SIEM) solution like QRadar. Today’s networks are more complex than ever before and protecting them from increasingly malicious and sophisticated attackers is a never-ending task. Organizations seeking to protect their customers’ identities, safeguard their intellectual property and avoid business disruption need to proactively monitor their environment so that they can rapidly detect threats and accurately respond before attackers are able to cause material damage.
QRadar is designed to automatically analyze and correlate activity across multiple data sources including logs, events, network flows, user activity, vulnerability information and threat intelligence to identify known and unknown threats. Phishing activity, Command and Control (C2) traffic, ransomware, and data theft and exfiltration are just a few common threats QRadar detects.
QRadar enables organizations to map their entire network footprint of authorized and connected devices, whether on-premise or in a multi-cloud network model, and monitor them for anomalous behavior.
Remember, you cannot stop what you cannot detect. And the longer a piece of malware sits on a network, the more evasive it becomes and the more damage it will cause. To avoid becoming a newspaper headline, identifying a breach immediately is critical to minimizing damage to assets and more important, brand reputation.
To learn more about how QRadar can help safeguard your critical data, please contact us today!