What is happening in Cloud Security Space?

{{ Before I start, I would like to say that the following thoughts and information are based on my own understanding of security products and the market, at an individual level, and have nothing to do with my current organization or any official position, so treat them as my personal opinion. }}

As you know, the cloud's share of hosted IT infrastructure is growing very fast, and people are moving their workloads to third-party cloud vendors, while most of the time their engineers are not concerned about security. The cloud security market is expected to reach approximately $13 billion by 2022, according to Market Research Future. The tech stack is evolving so fast that people are more focused on implementing it and leave security as a second priority.

As you know, security implementation should start in the software development or system implementation planning phase, but very few organizations or engineers focus on this aspect, and they patch it in as the last priority. There are many best practices and frameworks available from large organizations that explain how to fill those gaps during the development phase, so how to do it is not a hidden question, and they can easily be adopted if you have a sense of security during the software planning and implementation phase.

I will not talk about the historical threats that are prevalent in the IT security industry, but I would like to talk about the security management we can do within the CNCF landscape. Those who don’t know what CNCF is, please read about the Cloud Native Computing Foundation.

There are many technologies that fall under the CNCF landscape, so we are not going to cover all of them, and some of what follows is not specific to CNCF, but as most organizations are using this tech stack it is better to cover those technologies so people can relate them to their practical environment.

  1. There are many questions like how to secure Docker containers or how to secure Docker images. The question is not restricted to securing your own images but goes further: can I download this Docker image from a public repository? How can I scan/verify that a container image downloaded from a private or public repository does not carry any malicious payload like a virus, ransomware or other malware?
  2. There are questions like how to prevent your workload from sending malicious traffic to an external environment (assume a situation where one of your cloud instances is sending spam emails from an impacted machine on your internal network).
  3. How to secure Kubernetes (k8s) and OpenShift host nodes, as these orchestration tools/hosts are becoming the norm in the container market?
  4. How to secure AWS, Google and Azure workloads? Questions are like: should we implement the cloud vendor's own tool/service, or should we look at other existing third-party security solution providers like Symantec, McAfee, CrowdStrike or Sophos?
  5. Is there any mechanism to scan your Lambda functions (FaaS) for viruses or other malware?
  6. How can I identify security issues in my code during the CI/CD chain, for example when a new git commit has just triggered a new Jenkins build job and you suddenly get an alert that your code contains vulnerabilities?
  7. How to perform behaviour analysis on your live traffic in your AWS VPC, a similar virtual private environment, or other cloud vendors, so that you can alert on any abnormal activity in your environment? How will you be parsing the security data and how will you be alerting on it?
  8. If my workload or application is affected by malware, how can I isolate the application or block it to prevent further damage to my system or network?
  9. Who can provide me operating system as well as application protection on Unix/Linux and Windows platforms?
  10. Can I control anti-malware policy from a central console for all my cloud-hosted workloads? There are questions like how we can apply security policy in a hybrid cloud model when your workloads are hosted with multiple cloud vendors.
  11. Can I remediate vulnerable workloads with a single click across environments, or across multiple cloud environments? How can I remediate my workload against a vulnerability that was published on the CVE platform just a few hours ago? How can I report back to my management about highly critical vulnerabilities in our environment?
  12. Can I scan my multi-TB/petabyte objects stored on AWS S3 or Azure Blob object storage? Can I complete this scan fast, or will it take weeks to scan petabytes of storage hosted on those platforms?
  13. How can I assure my higher management that our environment is secure and able to handle any such vulnerability in no time?
  14. How can I protect access to my company's private environment from mobile devices, including Android or Mac?
  15. Can I protect only my Windows 10 desktops?
  16. Can I get file integrity monitoring (FIM) on my cloud workloads?
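The behaviour analysis asked about in items 2 and 7 above (an internal instance that starts sending spam, and parsing VPC flow logs to alert on it) can be illustrated with a small parser and detection rule. This is an added example and is not part of the original article, nor code from Symantec or AWS; the flow log lines are constructed, the internal CIDR `10.0.0.0/8` and the threshold of three distinct external SMTP peers are assumptions, and the field layout is the default AWS VPC flow log record format (version 2).

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample records in the default AWS VPC flow log format (version 2).
# Scenario: 10.0.1.22 has started talking SMTP to several external hosts,
# while 10.0.1.15 shows only ordinary HTTPS/DNS traffic.
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 10.0.1.15 93.184.216.34 49152 443 6 20 4000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.22 198.51.100.7 50001 25 6 300 90000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.22 198.51.100.8 50002 25 6 280 84000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.22 198.51.100.9 50003 25 6 310 93000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.22 10.0.2.5 50004 25 6 5 800 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.50 10.0.1.15 40000 22 6 1 40 1600000000 1600000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.15 8.8.8.8 53000 53 17 2 200 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1600000000 1600000060 - NODATA
"""

# Default flow log fields, in order (AWS documented format).
FIELDS = [
    "version", "account-id", "interface-id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log-status",
]
INT_FIELDS = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Assumptions for this example: the VPC's address space and what counts as mail traffic.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SMTP_PORTS = {25, 465, 587}
SMTP_PEER_THRESHOLD = 3  # distinct external SMTP peers per source before alerting


def parse_flow_log(text):
    """Parse raw flow log text into a list of dicts; drops NODATA/SKIPDATA records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or non-default-format line
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] != "OK":
            continue  # no address/port data to analyse in these records
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def detect_outbound_smtp(records, threshold=SMTP_PEER_THRESHOLD):
    """Map each internal source to the external SMTP peers it reached, keeping
    only sources at or above the threshold (a spam-sending pattern)."""
    peers = defaultdict(set)
    for r in records:
        if (r["action"] == "ACCEPT" and r["protocol"] == 6  # TCP only
                and r["dstport"] in SMTP_PORTS
                and is_internal(r["srcaddr"]) and not is_internal(r["dstaddr"])):
            peers[r["srcaddr"]].add(r["dstaddr"])
    return {src: sorted(dsts) for src, dsts in peers.items() if len(dsts) >= threshold}


def rejected_inbound_by_source(records):
    """Count REJECTed inbound connections per external source (scan/probe noise)."""
    counts = Counter()
    for r in records:
        if r["action"] == "REJECT" and not is_internal(r["srcaddr"]) and is_internal(r["dstaddr"]):
            counts[r["srcaddr"]] += 1
    return counts


def build_alerts(text):
    """Run both rules over raw log text and return alert strings for a SIEM/notifier."""
    records = parse_flow_log(text)
    alerts = []
    for src, dsts in detect_outbound_smtp(records).items():
        alerts.append(f"ALERT outbound-smtp src={src} external_peers={len(dsts)}")
    for src, n in rejected_inbound_by_source(records).items():
        alerts.append(f"INFO rejected-inbound src={src} count={n}")
    return alerts


if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_FLOW_LOGS):
        print(alert)
```

The same rule shape applies to any per-source, per-window aggregation (DNS query volume, connections to a port you never expose); the point of the example is that the flow log only gives you tuples and counts, so the alerting logic has to encode what is normal for your VPC, which is why the CIDR and threshold are explicit parameters rather than hard-coded inside the rule.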

There are some big businesses that are trying to consolidate the security market and are focusing their interest on security “data”; once they have all the data in one place, or all security solutions in one place, they will come up with more efficient and more intelligent solutions/answers to security and related problems.

This list of questions goes on, as there are many other questions about security tool installation, management, configuration and reporting. Up to this point I assume I have created a base for your security understanding of the latest tech stack on cloud platforms, and now comes the other big question: how can we solve these problems, who is providing the solution, and who is providing answers to these questions?

To be very frank, I will say most security vendors are competing in this space and trying their best to remediate all these problems. But the question is who is best, who is leading this market, who is providing better customer service, whose pricing model is better, who is more customer-centric, who is more adaptable in this agile world, who covers more of the tech stack, who is reliable and available to handle such situations, who has a better subscription model, who is accurate in their DeepSight security expertise, who is best in the world for their endpoint detection and response (EDR) system, who has a security incident quick-reaction team as a service, etc. I don’t have much experience with other platforms, but as I am working with Symantec I can see that Symantec’s solutions provide answers to the majority of these questions, and now they are coming up with a more customer-centric approach using their new product range in the SaaS category.

It includes applications like:

  1. Symantec Cloud Workload Protection (CWP)
  2. Symantec Cloud Workload Protection – Storage
  3. Symantec Cloud Workload Assurance (CWA)
  4. Symantec Advanced Endpoint Protection
  5. Symantec Endpoint Protection – Mobile
  6. Symantec Vulnerability Remediation (VRapp)
  7. Symantec Integrated Cyber Defense Manager (iCDM)

Following are the available options to get a subscription on your existing cloud account:

[Image: subscription options, not reproduced here]

Don’t get confused into thinking that you have to install all of them. Symantec is doing a great job of bringing these isolated functions onto a single central console, available through their next-generation cloud security product called Integrated Cyber Defense Manager (iCDM), which is already on the market for their existing customers. They are bringing it in an application subscription model: it will be a single click on your existing subscription and can easily be unsubscribed at any time when you don’t require it. They also have a pay-as-you-go option on AWS Marketplace and options on other cloud vendors’ platforms.


89-day free trial or 20,000 hours (click Continue to Subscribe above) – then pay only for what you use. Cloud Workload Protection (CWP) provides advanced threat protection using Symantec Endpoint Protection (SEP) technologies. Protect your workloads using antivirus, OS hardening, intrusion detection and prevention (IDS/IPS), and application control all in one product.

CWP provides comprehensive security by discovering, visualizing, and protecting all your EC2 instances with anti-malware, intrusion detection and prevention (IDS/IPS), and real-time file integrity monitoring (FIM) in a single agent. CWP also delivers cloud-native security to protect and monitor workloads including Docker containers, preventing unauthorized changes and elevated privileges to system resources. You can automate security by integrating with DevOps tools like Splunk, Chef, and Puppet using CWP’s RESTful APIs.

CWP pricing on AWS Marketplace

Symantec CWP is the first security product to integrate with the recently launched AWS EventBridge, and it already has a solution to send network activity data from AWS VPC flow logs to the AWS GuardDuty service for further processing.

You can buy their solution from AWS Marketplace, or click through to their product site to get a free trial.


The discussion of product features could go on for a long time, so I am attaching Symantec’s CWP datasheet PDF, which gives more detail on how it works and its features and is available at CWP Features. Those who would like to go deeper can watch it on CWP.

I can write more on it, but I will leave it here, keeping the option open to write more on similar solutions and topics from other vendors in the security domain, and I will come back with how to test these solutions by placing a virus or malware on protected workloads hosted in a cloud environment. Leave me questions in the comment block if you are interested in knowing more about other related product features and how to test things as and when you have a subscription available, and I would recommend going to AWS Marketplace for the 89-day free trial, where you can easily gain expertise in these products.