Core Tenets of a Cloud Native Security Platform (CNSP)
The first decade of the 21st century was characterized by a wave of organizations pushing to adopt infrastructure as a service (IaaS) platforms to harness the benefits of scalability, agility and reduced data center costs. Because the technology stack largely didn’t change, the contemporary security tools of the time were able to ride along for this transition and simply be “lifted and shifted” to run on those IaaS platforms.
More recently, however, we’ve entered a time defined by the adoption of platform as a service (PaaS) and cloud-native technologies, unlocking rapid software delivery realized through end-to-end automation. Cloud-native security tools quickly emerged to support these new technologies, but initially in a rudimentary form. These tools were sparse, only addressing individual parts of the problem, lacking proper integration and yielding incomplete security analytics. This forced security teams to juggle multiple tools and dashboards, creating blind spots and unmanageable complexity while increasing their organizations’ risk of breaches in the cloud.
As cloud-native application development redefined the way applications are built in cloud, it became time to redefine how cloud is secured. This led to cloud-native security platforms (CNSPs). CNSPs share context about infrastructure, PaaS services, users, development platforms, data and application workloads across platform components to enhance protection. These platforms include numerous distinct capabilities, which they deliver consistently regardless of other platforms or the specific cloud service provider (CSP) an organization is using.
Here’s an overview of these terms that make up a CNSP:
- Asset inventory automatically discovers cloud resources across multiple cloud accounts and CSPs, and maintains an audit trail of changes to each discovered asset throughout its entire lifecycle. This enables the foundational visibility and awareness necessary for any successful cloud security program.
- Configuration assessment offers continuous configuration risk assessment across an entire lifecycle by following built-in and custom policies to scan infrastructure as code (IaC) templates, such as Terraform® and CloudFormation, and offer automated remediation to rapidly fix issues in production.
- Compliance management monitors compliance posture across cloud environments and supports a vast library of compliance frameworks, providing realtime compliance monitoring and the ability to immediately generate audit-ready reports.
- Network security ingests network flow logs directly from CSPs, incorporates threat intelligence feeds, and uses deep understanding of cloud-native firewall rules to build a thorough, contextual picture of network risk. This enables detection of intrusions as well as more advanced threats, such as cryptojacking, malware-infected instances, lateral movement, and other types of advanced persistent threats (APTs).
- Identity and access management (IAM) security correlates user actions across environments and uses machine learning to establish behavior profiles. This is also known as user and entity behavior analytics (UEBA). It monitors for sensitive activities, such as root user activity, security group changes and IAM configuration updates, that may be signs of compromised credentials or malicious insider threats.
- Data security provides multi-cloud-ready data protection with hundreds of out-of-the-box cloud data classification rules that map to regulatory requirements and incorporate malware scanning capabilities.
- Vulnerability management monitors all activities and runtime production environments across containers, images, hosts and functions, and stack-ranks vulnerabilities and risks across the entire cloud-native infrastructure.
- Workload security provides prevention mechanisms coupled with detection approaches (behavioral or otherwise) to protect workloads (virtual machines, containers and serverless deployments) against application-level attacks during runtime.
- Automated investigation and response capabilities, directly integrated with SOAR offerings, are based on rich, contextual data from various sources within cloud-native environments. Coupled with granular forensic capabilities and analyzed with machine learning algorithms, these help expedite security incident investigations.
Click here to learn more about CNSPs.