The increasing complexity of datacenter infrastructures and the challenge of protecting them is shifting InfoSec professionals away from best-of-breed tools in favor of more automation and integration, according to new research from Intel.
An Intel survey published Feb. 12 found that 93 percent of companies use cloud services of some kind. Respondents predicted that, at this rate of growth within their own companies, it will take only about 15 months for the percentage of IT budgets spent on cloud to hit 80 percent. Last year respondents estimated 16 months.
The only thing slowing down that spending growth is a shortage of the skills needed to build, maintain and secure those cloud-based resources, according to the survey, which polled 2,000 executives from small, medium, and large-sized companies in 12 countries.
“The ‘Cloud First’ strategy is now well and truly ensconced into the architecture of many organizations across the world,” said Raj Samani, EMEA chief technology officer, Intel Security, which conducted the study.
A huge amount of that spending, 40 percent according to the survey, comes from business units buying cloud services without help from or consultation with IT. IT departments are able to see and monitor only about 47 percent of those services, according to respondents, 65 percent of whom said the complexity, lack of visibility and lack of IT control all contribute to making corporate clouds almost impossible to secure.
The only way to secure complex distributed infrastructures is to use cloud technologies against the things that threaten them, he said.
Specifically, that means using cloud-based services to make the clouds themselves self-healing and self-defending. It is done using automation that allows malicious code, spam and other threats to be scrubbed or rendered harmless on the fly (while the end user is still waiting for an infected page to load, for example), according to Shachaf Levi, cloud security architect for Intel, writing in a Feb. 1 blog post.
Together is Power
A suite of integrated solutions designed to detect anomalies and respond automatically to a host of potential threats is a core part of the slew of products Intel Security (formerly McAfee) introduced at the RSA Conference on cybersecurity, held Feb. 13-17 in San Francisco.
The suites are built around the McAfee Enterprise Security Manager 10 (ESM) and McAfee Virtual Network Security Platform (vNSP).
The job of ESM, an advanced security information and event management (SIEM) system, is to detect and analyze potential attacks and launch alerts about them in real time, according to Intel.
“ESM’s new integration capabilities are making it easier than ever to create a unified security architecture with best-of-breed components that work well together,” according to David Shackleford, author of a 2013 review of the 9.2 version of ESM published by The SANS Institute, an advanced security training organization.
The new version of ESM takes integration even further by adding Cloud-Based Threat Analysis, intrusion protection and network protection of AWS workloads and other public-cloud platforms — all able to run automatically once users configure rules, policy and integration. Also available are integrations with products and services from partners of Intel’s Security Innovation Alliance and Cyber Threat Alliance, including ThreatConnect, Rapid7, Proofpoint, Niara and other providers of analytics, threat information, intrusion protection and other services.
Connecting the Pieces Through Alliances, Middleware
“Our research and customer discussions have underscored the need for trusted partners that work cooperatively to reduce the burden of fragmented technologies and help organizations stay focused on securing their business assets and productivity,” according to Intel.
Intel also introduced new capabilities for its SGX hardware-based encryption products, and expanded the number of connections available through its OpenDXL, which uses a middleware-like software layer called the McAfee Data Exchange Layer to integrate many products through the same data layer rather than connecting them individually.
By adding integration with the Cyber Threat Alliance Platform (CTAP), Intel Security gets a single point of integration for advanced threat intelligence that it can make available in its own products. CTAP was designed specifically to let members of the CTA share threat intelligence quickly, allowing for timely preparation and response without compromising the sources of that data.
“Our survey indicated 74% of organizations are storing sensitive data in the public cloud,” he wrote in a Feb. 12 blog. “This leads us to believe that the demand for data visibility and protection skills will be on the rise. Data protection requirements demand that the data controller (enterprise) must ensure that the data processor (service provider) still has the appropriate controls in place” whether or not business units buying the service thought to ask about it first.