This post is the fourth in a series of eight on five pillars to actionable cloud security. For the rest of the series, visit the Five Pillars blog page here.
This next step or pillar relies on first being able to determine who is allowed access and to what – and then detecting anomalies. Typically, Detection Controls focus on intrusion, more commonly known as Intrusion Detection Systems (IDS). These are automated, and are designed to monitor and analyze network traffic, and to generate an alert in response to activity that either matches known malicious patterns or is anomalous. Some IDS controls go further: they will trigger automated processes that can include recording suspicious activity or scanning the computers involved to try to find signs of compromise.An IDS differs from a firewall in that the IDS looks for intrusions that 1) have already occurred 2) are currently underway, or 3) originate from within the network. ~ @rkturner1Click To Tweet
An IDS differs from a firewall in that a firewall looks outwardly for intrusions to stop them from happening in the first place. IDS looks for both intrusions that have already occurred (or are actively occurring), and for attacks that originate from within the network.
Because an IDS is watching the actual network traffic flow, it not only permits a more timely response to an active compromise, it also offers the capability to identify devices that are in imminent danger of compromise. In layman’s terms, this means identifying devices – or resources – with similar access profiles as those where the intrusion took place. IDS controls obviously require some kind of feedback loop with a security provider, to learn the latest malicious activities and recognize them when detected.
To develop an actionable Detection Controls pillar, customers must:
- Deploy detective controls at Layer 4 to Layer 7 and protect applications
- Understand how IDS differs from Firewall protections
- Have a thorough understanding of all monitoring and logging activities that are performed as part of in-place detection systems
In the next post we will discuss the third pillar, Network Security.Rich Turner lays out the three steps to an actionable Detection Controls pillar for your Azure security framework Click To Tweet
Rich is the Product Marketing Manager, Information Management. He's been with Barracuda since the acquisition of C2C Systems in 2014. Rich specializes in cloud-deployed solutions, information management, and archiving systems. His experience includes extensive work on OEM opportunities and the legal community.
You can email Rich at firstname.lastname@example.org.