Advanced Protection in a Public Cloud
Finding problems faster and eliminating distractions add to the security of at least one large cloud environment.
As organizations migrate more data into public clouds, demands for a different type of security are emerging. A specialized option is available now for Amazon Web Services that aims to mitigate threats more quickly by finding them faster and suggesting methods of remediation.
Known as the Evident Security Platform for Amazon Web Services (ESP for AWS), the technology offers a solution expressly designed for the Amazon environment. It has a rapid deployment of five minutes or less and gives a dashboard view of identified threats. In the first week it launched, 50 companies of various sizes signed on for the platform, including several large, multinational corporations.
Evident.io is the startup company that developed the technology, and its officials are looking for enterprise customers that have challenges trying to manage and secure large-scale clouds on AWS. The offering from Amazon includes various pay-per-use services, such as a platform to run Web applications, virtual private network, content delivery network and a data store.
Once clients sign on for the ESP, they create a security role in their accounts with a policy that lets Evident.io read their application programming interface and pull back descriptive data about the infrastructure. They then create an external identifier and put it into their accounts in the security role. Accounts are then nicknamed to be human friendly. Developers aimed to find an easy setup method because, “the easier it is, the more likely people are to adopt security,” explains Tim Prendergast, co-founder and chief executive officer of Evident.io. After completing those steps, the full security report is ready minutes later.
The scan takes in every account a client might have across AWS more or less simultaneously, not one at a time. Most customers tend to have several accounts, such as ones for production and ones for development. Enterprise corporations might have thousands of accounts. More traditional security tools scan accounts individually and send a single report. The reports merge on the back end, and staff figure out how to make fixes. ESP for AWS performs the tasks in near real time, including the information on how to resolve the problems. “We have one dashboard that gives you the risk view of your entire organization,” Prendergast says.
He adds that it makes sense for organizations to segment their various accounts. It follows good infrastructure practices. With the scan of all the accounts, he believes, his product offers a really honest and transparent view into operations of their services. “You need to have an honest view,” he states. Otherwise, groups fail to know what risks they actually are incurring. Lack of such a view in the past has cost high-level leaders their jobs. The right information allows decision makers to invest time and money in the right places. Evident’s offering assigns a priority to the risks as well.
After the first report that an organization employing the tool receives, the engine begins to scan the accounts continuously. Users can customize their alerts how they want them, including choosing a nightly email or requesting a notification as soon as a change is detected. Information is presented in visual and aggregated form. Customers can view that information in a variety of ways depending on their needs. For example, they can sort based on a unique risk identification. The approach helps eliminate false positives and prevents too much input being presented at the same time. Rather, Evident aims to give precise, descriptive alerts. The system is set up to be intuitive, so users establish the parameters themselves without Evident’s involvement.
Verizon’s 2014 Data Breach Investigations Report showcases the problems with protecting networks and discusses the need for improved detection, not simply response. Often, system administrators find out about problems with their security only after an attack. “That’s why we say security is broken in some cases,” Prendergast says. Though no organization has much of a chance to stop a motivated attacker, it should detect and contain problems as quickly as possible. “That’s the entire game,” Prendergast states. With enterprises turning attention to leveraging public clouds, new attacks are occurring. However, the move to the cloud has multiple benefits, including allowing cyberprofessionals to spend less time focused on infrastructure and more time on their regular jobs.
Evident’s solution is wide reaching, so it could help organizations that might fail to consider certain threats. One event recently involved an employee at a company creating new instant message accounts. Such activities were not monitored by the company’s cybersecurity efforts, and the employee used the dummy accounts to carry out malicious activities. ESP would have alerted personnel to such behaviors.
Prendergast, who has a background in cybersecurity, says what security professionals care about is minimizing risk of attacks. What often happens, however, is that cybersecurity professionals end up becoming developers instead of staying true to their original purpose. By employing a tool such as Evident’s, they can spend less time in development mode and more time protecting networks.
Justin Lundy, the other co-founder and chief technology officer of Evident.io, says ESP for AWS is essentially a force multiplier. Finding qualified cybersecurity personnel or training people in the right functions is difficult and not happening fast enough on a countrywide level. With the tool, groups can receive the protection they require without needing more people to carry out the tasks.
Though the technology is built and deployed for Amazon, that company is not actively involved in the effort. Evident is an Amazon partner because it believes in the latter’s ecosystem. Amazon has a large percentage of the public cloud business, but overall, companies still hesitate to move their critical applications into any such offering because they want proof their data will be secure. Evident is trying to do that with its tool.
The attitudes reflect the changing nature of cybersecurity. Traditionally, groups built data centers with the idea to block attackers from outside. But threats found ways to penetrate the systems anyway, and insider risks continue to be the source of damage. Furthermore, such systems require constant monitoring, and false positives are common. That fact creates another problem where real attacks become lost in all the noise. “Security as a whole stopped functioning effectively,” Prendergast says. He estimates technology infrastructure leapfrogged security infrastructure by about five years.
Creating an automated system enabled constantly vigilant platforms. The result is quicker remediation. Prendergast says attackers were winning because they became faster than protective tools. The capabilities now available level the playing field.
Though companies’ information is kept secure, there is some level of sharing to help everyone address threats better. If a danger is detected, Evident can create a new signature for the risk and send an alert out to its customers. The situation allows for the potential that a solution could be implemented before a threat becomes a problem. Evident can leverage the infrastructure across a large number of groups. The result is a higher velocity for threat intelligence, an important feature in a landscape that alters quickly.
Prendergast explains that traditionally, people tend to hold cyber information close. “We think that’s wrong,” he says. “If anything, we want to talk to the community.” Evident has a blog that allows experts to pass along information. The company aims to put out the word if an attack is happening so groups can be on watch.
The organization’s solutions are available for the public sector, too. Already Evident.io is an Amazon government cloud provider and is in talks with organizations such as the CIA. Prendergast references the Department of Homeland Security’s Continuous Diagnostics and Mitigation program that is very similar to Evident’s work. “Basically, what’s happened now is even the federal government sees the need to accelerate the velocity of security tools,” he says.