The movement to cloud often creates its own infrastructure management challenges. In the case of security, it can lead to less than ideal architectures for managing the growing array of threats. This article attempts to find out the most effective architecture to secure the cloud.
One undeniable fact about the cyber-security threat landscape is that the attacks are rapidly evolving in order to stay ahead of many security technologies and thereby evade detection. The unending race between malicious actors and security professionals largely defines the risk profile of organizations and industries. To better defend against these powerful and dynamic threats, organizations need a thoughtful architecture to stay one step ahead.
Two recent threat types in particular are trending and creating significant challenges for cloud-only security solutions: Low & Slow attacks and SSL encrypted attacks.
Low & Slow attacks leverage targeted resource exhaustion, going after specific design flaws or vulnerabilities of a server or application with a relatively small amount of malicious traffic, eventually causing it to crash. “Low and slow” attacks mostly target application resources (and sometimes server resources). By nature, they are very difficult to detect because they involve connections and data transfers that appear at a normal rate. This creates significant challenges for cloud-only solutions that are either monitoring NetFlow data levels or are engaged only when overall traffic rates exceed pre-determined thresholds.
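The detection gap described above is easiest to see side by side. The following is an added example, not code from the article or from Radware: it runs an aggregate volume threshold (the kind a NetFlow- or rate-triggered cloud service applies) and a per-connection behavioural check over the same constructed set of flow records. The `Flow` record, the sample values and the thresholds are all assumptions chosen for illustration.

```python
"""
Added example: why an aggregate-rate threshold misses low-and-slow
connections while a per-connection check catches them.

All flow records below are constructed sample data, not captured traffic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    client: str        # client address (RFC 5737 documentation ranges)
    start: float       # seconds since the start of the observation window
    end: float         # seconds since the start of the observation window
    bytes_in: int      # bytes the client sent on this connection
    requests: int      # complete HTTP requests the server managed to parse


# Constructed 120-second observation window.
WINDOW_S = 120.0
SAMPLE_FLOWS = (
    # ordinary short requests from twenty different clients
    [Flow(f"203.0.113.{i}", i * 2.0, i * 2.0 + 0.4, 900, 1) for i in range(1, 21)]
    # a genuinely slow client (e.g. poor mobile link) that still completes requests
    + [Flow("203.0.113.50", 0.0, 45.0, 2700, 3)]
    # one client holding eight connections open and trickling partial headers,
    # never finishing a request: the low-and-slow pattern the article describes
    + [Flow("198.51.100.7", float(i), 118.0, 240, 0) for i in range(8)]
)


def aggregate_rate_alert(flows, window_s, threshold_bps):
    """Volume-threshold detection: fire only if total inbound bytes/s
    across the window exceeds the threshold. This is what a rate-triggered
    cloud-only service effectively sees."""
    total_bytes = sum(f.bytes_in for f in flows)
    return (total_bytes / window_s) > threshold_bps


def slow_flow_suspects(flows, min_duration_s=30.0, max_bps=10.0):
    """Per-connection behavioural check: a connection that stays open for a
    long time and either never completes a request or delivers almost no
    data per second is a low-and-slow suspect. Short connections are
    ignored regardless of rate, which keeps ordinary traffic out."""
    suspects = []
    for f in flows:
        duration = f.end - f.start
        if duration < min_duration_s:
            continue
        rate = f.bytes_in / duration
        if f.requests == 0 or rate <= max_bps:
            suspects.append(f)
    return suspects


def clients_over_limit(suspect_flows, max_slow_per_client=3):
    """Group suspect connections by client; a single client holding many of
    them is the signal worth acting on (one slow connection is just a slow user)."""
    per_client = defaultdict(int)
    for f in suspect_flows:
        per_client[f.client] += 1
    return {c: n for c, n in per_client.items() if n > max_slow_per_client}


if __name__ == "__main__":
    # Aggregate rate in the sample window is under 200 bytes/s, far below any
    # realistic volumetric trigger, so the threshold detector stays silent.
    print("aggregate threshold fired:", aggregate_rate_alert(SAMPLE_FLOWS, WINDOW_S, 10_000))
    suspects = slow_flow_suspects(SAMPLE_FLOWS)
    print("slow connections flagged:", len(suspects))
    print("clients over limit:", clients_over_limit(suspects))
```

The point of the contrast is visibility, not cleverness: the behavioural check needs per-connection state (duration, bytes, parsed requests), which only exists where the traffic actually terminates, in front of the application. A service that sees flow summaries or is engaged only above a rate threshold has no such signal, which is why the article places this detection on-premises.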
The use of SSL/TLS in applications to encrypt traffic and secure end-to-end data transit is on the rise. For many businesses, the large majority of traffic and transactions now occur over encrypted sessions. The use of encrypted traffic in cyber-attacks is also on the rise, creating significant challenges for many security technologies in terms of computing capacity, as well as basic visibility into the traffic for attack detection. Most attack mitigation technologies do not inspect SSL traffic, as doing so requires decrypting it. HTTPS floods (floods of encrypted HTTP traffic) now frequently take part in multi-vulnerability attack campaigns. Compounding the impact of “normal” HTTP floods, encrypted HTTP attacks add further challenges, such as the processing burden of the encryption and decryption mechanisms themselves.
Cloud-only security solutions require end customers to share private keys and certificates in order to support decryption and inspection of potentially malicious traffic. This compromises the overall security posture of the customer and in many cases will violate compliance with certain security standards.
HYBRID ATTACK PROTECTION
There is no longer debate over the ideal security architecture for providing protection from the wide array of threat vectors related to denial of service attacks. Leading analysts agree that the best solution is hybrid attack protection, a combination of on-premise and cloud-based mitigation technology that delivers immediate mitigation of non-volumetric attacks with the availability of additional mitigation resources in the event an attack threatens to saturate the Internet pipe.
There are many benefits to a hybrid protection model. Primary among them is that it supports a “detect where you can, mitigate where you should” approach that ensures effective attack detection through visibility into all traffic, immediacy of mitigation, and outside volumetric support. However, not all hybrid solutions are created equal. Organizations should look very closely at the accuracy of detection and the attack vectors covered by the on-premises technology. The expertise and capacity of the cloud-based resources that handle large volumetric attacks requiring redirection to scrubbing centers should also be considered. Single-vendor hybrid solutions that use identical technologies and teams for both on-premises and cloud-based protection offer clear advantages.
Authored By: Nikhil Taneja, Regional Director and Country Manager, India & SAARC at Radware