There are plenty of reasons for and against moving to the cloud. One of the reasons for migrating is that it can provide enterprises with better options for security measures.
There are five significant cloud security applications that are worth considering, including malware analysis, penetration testing, secure storage, proof of concepts, and virtual labs and training.
The first of the important cloud security applications is for malware and threat analysis. An experienced security analyst or threat intelligence analyst should be comfortable with malware research, and even reverse engineering.
This will not only provide the analyst with valuable skills and knowledge, but it will also build up a profile of who a company's adversaries are and what they are trying to achieve. This, in turn, enables organizations to take proactive measures against the attack methods being used, for instance, by blacklisting related or observed bad domains or by writing customized intrusion prevention signatures.
Malware analysis can be risky, however. A company would need a completely isolated network and sandbox system to prevent malware from accidentally moving into the production network. A simple mistake in a configuration or a shortcut used for convenience could lead to a companywide outbreak.
Another risk to take into consideration is the potential for sandboxed malware to beacon back to the attacker's infrastructure. This leaves a trail that the attacker can follow back to a potentially compromised network. The attacker can then check for already infected machines or try to slightly adjust the attack method based on the partially failed first attempt.
The use of a third-party cloud platform is one solution to these issues. Apart from a web interface or some form of remote desktop access, such as Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC), there is no need for any other connection between the production network and the cloud platform.
Some security vendors, such as FireEye and Cisco, have also launched cloud integration in their flagship products. In the latter case, the detected files are uploaded to Cisco's cloud systems for external analysis. The results are then compared to threat intelligence collected from customers, after which a more informed decision can be made on the risk level of the file.
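The two defensive follow-ups mentioned above, turning the domains a sample contacted into a blocklist and intrusion prevention signatures, and spotting the periodic check-in traffic that a sandboxed sample may attempt, can be scripted from the sandbox's own egress log. The script below is an added example and is not code from the article or from any vendor named in it; the log format, the allowlist, the SID range and all addresses and domain names are constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample of egress log lines from an isolated analysis sandbox
# (hypothetical "<timestamp> <sandbox-id> <event> key=value..." format, not
# output of any real product).
SAMPLE_EGRESS_LOG = """\
2024-03-01T10:00:01Z sbx-01 dns query=update.example-cdn.test type=A
2024-03-01T10:00:04Z sbx-01 dns query=cfg.bad-actor.invalid type=A
2024-03-01T10:00:05Z sbx-01 conn dst=203.0.113.44:443 proto=tcp sni=cfg.bad-actor.invalid
2024-03-01T10:01:05Z sbx-01 conn dst=203.0.113.44:443 proto=tcp sni=cfg.bad-actor.invalid
2024-03-01T10:02:05Z sbx-01 conn dst=203.0.113.44:443 proto=tcp sni=cfg.bad-actor.invalid
2024-03-01T10:02:09Z sbx-01 dns query=time.windows.com type=A
2024-03-01T10:02:10Z sbx-01 conn dst=192.0.2.9:123 proto=udp
2024-03-01T10:03:11Z sbx-01 dns query=Stage2.Bad-Actor.invalid type=A
"""
SAMPLE_LINES = SAMPLE_EGRESS_LOG.splitlines()

# Domains the lab baseline shows the sandbox contacts on its own (OS telemetry,
# the analyst's update mirror). Constructed allowlist.
ALLOWLIST = {"time.windows.com", "update.example-cdn.test"}

DNS_RE = re.compile(r"\bquery=(?P<domain>[A-Za-z0-9.-]+)")
SNI_RE = re.compile(r"\bsni=(?P<domain>[A-Za-z0-9.-]+)")
CONN_RE = re.compile(r"^(?P<ts>\S+) \S+ conn dst=(?P<dst>\S+)")


def extract_domains(lines):
    """Domains seen in DNS queries or TLS SNI, lower-cased, deduplicated and
    with baseline (allowlisted) names removed."""
    seen = set()
    for line in lines:
        for rx in (DNS_RE, SNI_RE):
            m = rx.search(line)
            if m:
                seen.add(m.group("domain").lower().rstrip("."))
    return sorted(d for d in seen if d not in ALLOWLIST)


def beacon_candidates(lines, min_hits=3, jitter=0.2):
    """Destinations contacted at least min_hits times at near-constant spacing
    (every gap within +/- jitter of the mean gap): a crude check-in heuristic.
    Returns [(dst, mean_gap_seconds), ...]."""
    times = {}
    for line in lines:
        m = CONN_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
            times.setdefault(m.group("dst"), []).append(ts)
    found = []
    for dst, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and all(abs(g - mean) <= jitter * mean for g in gaps):
            found.append((dst, round(mean)))
    return found


def suricata_dns_rules(domains, base_sid=9000001):
    """One Suricata alert rule per domain, matching the DNS query name via the
    dns.query sticky buffer. SIDs are allocated from base_sid, a constructed
    private range; choose one that does not collide with your rule sets."""
    return [
        f'alert dns any any -> any any (msg:"Sandbox-observed domain {d}"; '
        f'dns.query; content:"{d}"; nocase; sid:{base_sid + i}; rev:1;)'
        for i, d in enumerate(domains)
    ]


if __name__ == "__main__":
    iocs = extract_domains(SAMPLE_LINES)
    print("blocklist:", iocs)
    print("beacons:", beacon_candidates(SAMPLE_LINES))
    print("\n".join(suricata_dns_rules(iocs)))
```

The allowlist is what keeps the sandbox's own background traffic out of the blocklist; without a baseline of what the lab image contacts when idle, OS update and time services end up in the signatures. The beacon heuristic is deliberately simple (fixed-interval check-ins only) and is meant as a triage hint for the analyst, not a verdict.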
Penetration testing is another of the top cloud security applications. Penetration tests are often conducted from a system outside the target's network, simulating an external attack. Security companies specialized in penetration testing could benefit from the use of cloud platforms.
Vendors such as Microsoft and Amazon offer, for instance, Kali Linux and several vulnerability scanners, like Tenable Nessus, as preconfigured virtual machine images. The flexibility and relatively low on-demand costs of this option have made it very accessible.
There is another difference, however. If the penetration tester uses the security company's infrastructure, the attack usually originates from a known IP that can be temporarily suppressed or blocked by the target company as a response to the test. For a more thorough test or a red team exercise, however, this might not create a realistic scenario because attackers quite often leverage cloud platforms for their attacks.
Companies are simply too risk-averse to block an entire IP range or subnet from leading cloud providers like Amazon or Azure, potentially taking down legitimate services, which leaves an opening that is often exploited by more sophisticated attackers.
Perhaps one of the most obvious cloud security applications is the availability of secure storage.
One of the most important roles any security professional has is to ensure the availability and integrity of security logs. Not only are these logs critical from an operational perspective -- for reporting, analysis, threat hunting and correlation -- but most companies also need to adhere to compliance regulations about the retention of this data.
When it comes to cost per gigabyte and redundancy options, cloud offerings tick all the boxes. Because the storage is off-site, the data is also much more secure in case an attacker tries to hide his tracks by directly targeting the logs.
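Shipping logs off-site protects their availability; their integrity also needs to be checkable, so that an edited or deleted record on the originating host is detected rather than silently accepted by the collector. One way to do that is a keyed hash chain held by the collector, shown below as an added example that is not from the article or any product it names. It assumes a collector-side key that never resides on the log-producing host, a canonical JSON encoding of each record, and constructed sample records; the key value and log entries are made up for the example.

```python
import hashlib
import hmac
import json

# Constructed example key. In this design the key lives only with the
# collector (the off-site log store), never on the host that produces the
# records, so a host-level intruder cannot re-seal what he edits.
COLLECTOR_KEY = b"hypothetical-collector-key-change-me"
GENESIS = b"\x00" * 32

# Constructed sample records; not real log data.
SAMPLE_RECORDS = [
    {"ts": "2024-03-01T09:58:00Z", "host": "web-01", "event": "ssh_login",
     "user": "deploy", "src": "198.51.100.7"},
    {"ts": "2024-03-01T09:59:30Z", "host": "web-01", "event": "sudo",
     "user": "deploy", "cmd": "/bin/bash"},
    {"ts": "2024-03-01T10:01:12Z", "host": "web-01", "event": "file_write",
     "user": "deploy", "path": "/var/log/auth.log"},
]


def _tag(key, prev, record):
    # Canonical JSON so the same record always hashes identically.
    msg = prev + json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal(records, key=COLLECTOR_KEY):
    """Attach an HMAC tag to each record. Every tag also covers the previous
    tag, so editing, reordering or removing an earlier record invalidates all
    later ones."""
    prev, sealed = GENESIS, []
    for rec in records:
        tag = _tag(key, prev, rec)
        sealed.append({"record": rec, "tag": tag.hex()})
        prev = tag
    return sealed


def head(sealed):
    """Tag of the newest record; the collector keeps this value separately."""
    return sealed[-1]["tag"] if sealed else GENESIS.hex()


def verify(sealed, key=COLLECTOR_KEY, expected_head=None):
    """Recompute the chain. Returns (True, None) if intact, else (False, index)
    of the first record that fails. Passing the head the collector recorded
    also catches truncation (records cut from the end), which a bare chain
    walk cannot see."""
    prev = GENESIS
    for i, entry in enumerate(sealed):
        tag = _tag(key, prev, entry["record"])
        if not hmac.compare_digest(tag, bytes.fromhex(entry["tag"])):
            return False, i
        prev = tag
    if expected_head is not None and not hmac.compare_digest(prev.hex(), expected_head):
        return False, len(sealed)
    return True, None


if __name__ == "__main__":
    chain = seal(SAMPLE_RECORDS)
    print("intact:", verify(chain, expected_head=head(chain)))
    chain[1]["record"]["user"] = "root"
    print("edited record 1:", verify(chain))
```

The head value matters: a chain on its own only proves that the records present are consistent with each other, so an attacker who can remove the newest entries leaves a chain that still verifies. Storing the latest tag (or the record count) in the cloud collector, outside the attacker's reach, closes that gap, which is exactly the advantage of keeping the log copy off-site.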
Many more comprehensive security services are available that can leverage this cloud data storage, such as SIEM as a service, or even security operations centers as a service.
Proof of concepts
A cloud environment is a perfect platform on which to build and test systems without affecting a company's production environment. Security professionals in the architecture or design areas can quickly set up an environment to prove whether a specific outcome can be achieved; even attempting to troubleshoot an issue with a firewall cluster can be simplified in this way.
Using virtual machines and appliances running on virtual networks can help you avoid the delays and costs associated with sourcing test hardware and software for nonvirtual testing. Once the proof of concept is completed, the environment can simply be reset or removed.
This concept links in with penetration testing, as well; an application or environment can be cloned into a cloud instance where security exploits and their impacts can be safely tested, even during production hours.
Virtual labs and training
Every security professional knows that he or she has signed up for a life of training and learning. Whether this training is formal or informal, without it, the battle between new threats and new defensive technologies will be lost. Virtualization products such as VMware, VirtualBox, GNS3 and Hyper-V have enabled anyone to set up an affordable local training and test lab since the late 1990s.
The downside is that local virtualization requires high-end hardware. Cloud technologies, however, have made virtualization even more flexible without the need for any on-premises hardware. Amazon Web Services offers a free low-end environment for testing and, for a few dollars per month, many other providers offer virtual private server systems, as well.
Cloud services also significantly enhance accessibility to the platform. Vendors and specialized training providers offer training via a cloud model these days, greatly improving the accessibility of their offerings while reducing the requirements for the customer.
There is no way around these cloud uses; the cloud is here to stay and has become invaluable to any security professional.