Micro-segmentation is critical in ensuring security in the cloud. It addresses the gaps in visibility and control of traffic at the virtual machine level.
2. Network Behavioural Analysis
The next generation of security needs to "identify attacks as they are happening". This is where behavioural analysis can step in and be used as a real-time security defence tool. Today, companies are effective at identifying attack patterns but they are not sophisticated enough to convert their threat correlation analytics into actionable events, such as creating dynamic policies to quarantine a suspicious internal host, or creating a firewall policy to block access to a destination IP and a specific application.
Network Behavioural Analysis enables the continuous monitoring of traffic so that network risk can be tracked in real time. Using an established benchmark for normal traffic, it flags and deals with any abnormalities in user and application behaviour within the network, spotting zero-day attacks and malware.
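The sketch below is an added example, not code from the original article or from any product. It builds a per-host baseline from flow records and turns deviations into the two actionable events mentioned above: quarantining an internal host, or blocking a destination IP and port. The flow records, thresholds and function names are assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (interval, src_host, dst_ip, dst_port, bytes). Not real traffic.
BASELINE_FLOWS = [(h, "10.0.0.5", "10.0.1.10", 443, 1000 + 50 * (h % 3)) for h in range(24)]
BASELINE_FLOWS += [(h, "10.0.0.6", "10.0.1.10", 443, 800) for h in range(24)]
BASELINE_FLOWS += [(h, "10.0.0.8", "10.0.1.10", 443, 500) for h in range(24)]
WINDOW = [(24, "10.0.0.5", "10.0.1.10", 443, 1020), (24, "10.0.0.5", "203.0.113.7", 8443, 90000)]
WINDOW += [(24, "10.0.0.6", f"10.0.2.{i}", 22, 200) for i in range(6)]
WINDOW += [(24, "10.0.0.8", "10.0.1.10", 443, 500)]

def build_baseline(flows):
    """Per host: mean/stdev of bytes per interval and the set of known (dst_ip, port) peers."""
    per_interval = defaultdict(lambda: defaultdict(int))
    peers = defaultdict(set)
    for interval, src, dst, port, nbytes in flows:
        per_interval[src][interval] += nbytes
        peers[src].add((dst, port))
    profile = {}
    for src, volumes in per_interval.items():
        vals = list(volumes.values())
        profile[src] = {"mean": mean(vals), "std": pstdev(vals), "peers": peers[src]}
    return profile

def analyse(baseline, window, z_limit=3.0, fanout_limit=5):
    """Compare one interval of flows with the baseline and return policy actions."""
    volume = defaultdict(int)
    by_peer = defaultdict(lambda: defaultdict(int))
    for _, src, dst, port, nbytes in window:
        volume[src] += nbytes
        by_peer[src][(dst, port)] += nbytes
    actions = []
    for src, total in volume.items():
        prof = baseline.get(src)
        if prof is None:  # host never seen while the baseline was built
            actions.append(("quarantine", src, "no baseline for host"))
            continue
        new_peers = {p: b for p, b in by_peer[src].items() if p not in prof["peers"]}
        z = (total - prof["mean"]) / max(prof["std"], 1.0)  # floor avoids division by zero
        if len(new_peers) >= fanout_limit:  # sudden fan-out to many unseen destinations
            actions.append(("quarantine", src, f"{len(new_peers)} new destinations"))
        elif z > z_limit and new_peers:  # volume spike explained by an unseen destination
            dst, port = max(new_peers, key=new_peers.get)
            actions.append(("block", src, f"{dst}:{port}"))
    return actions

if __name__ == "__main__":
    for action in analyse(build_baseline(BASELINE_FLOWS), WINDOW):
        print(action)
```

In practice each returned tuple would be handed to whatever enforces policy in the environment, such as a firewall or micro-segmentation controller; that integration is outside this sketch.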
3. Statistical Clustering
Instead of searching for explicit signatures, statistical clustering analyses the behaviour of malware and looks for recurring combinations of actions that are strongly related to known malware. When a close match is detected, the system will send an alert and provide a complete description of the malware, including packet captures. It also provides a confidence level and a severity level so that the administrator can take remedial action.
At the end of the day, however sophisticated the technology, organisations should always be looking at a holistic product, and internal network products should complement existing technology to create an agile, active and complete security strategy that not only protects a network, but also proactively seeks out and eliminates threats. This ensures every single layer and virtual machine within a network is covered and security breaches get identified as quickly as possible.