Can Your Cloud Security Be Too Smart?

Many companies are transitioning to the cloud. Cloud services offer highly available, cost-effective and flexible options for computing resources with a faster time to market. Organizations of all sizes are leveraging Amazon Web Services (AWS), and similar cloud service providers, to address a myriad of business needs.

Moving to the cloud is not without its risks. Securing the cloud environment - inside and out - has become a priority for IT teams. While most providers offer several different security solutions, protecting the cloud is a shared responsibility requiring a healthy dose of the holy grail: people, process and intelligence.

Many security vendors now offer cloud versions of their products. These systems do their best to detect or stop attacks within their unique scopes, but they cannot anticipate all cases. Simply put, attackers will get through, just like on a traditional physical network.

AWS on Wednesday announced GuardDuty, a security service that monitors AWS environments and triggers findings when dangerous, anomalous or unusual activity is detected. With GuardDuty, AWS customers can opt in to have their environment monitored, and then manage the findings and alerts generated from their cloud infrastructure.

Solutions like GuardDuty are a great start, but only one piece of a sound security strategy. Security events are increasing at an alarming rate and making sense of them is a growing challenge for overburdened security teams. The more your cloud infrastructure grows (good) the more security events you'll have to deal with (bad).

Which begs the question: Can your cloud security be too smart?

In many organizations, a multi-tier system exists for analyzing security events. The traditional tiering - one, two and three - is successful because it works. Your most experienced people spend their time on the most complex events. But how does this work with event analysis from your cloud security provider? How do you apply external intelligence to reduce event overload and focus your security resources where they provide the most benefit?

Trustwave Managed Threat Detection collects events from AWS GuardDuty and applies Trustwave SpiderLabs threat intelligence to help you understand which events truly need your attention. Using threat intelligence from the global Trustwave TrustKeeper platform, Managed Threat Detection is your tier-two intelligence service to help you triage AWS security events.

All AWS customers should seriously consider leveraging GuardDuty. It provides a strong foundation from which to build your cloud security infrastructure. But on-premises security history has shown that relying on a single solution is never enough. Organizations should always be on the lookout for ways to maximize all their cloud investments, including their cloud security investments.

Oren Shevach is a Trustwave product manager.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.