sponsored

Cloud Security Alerts: Automation Can Fill Gaps in Multi-Cloud Approach

Security teams can no longer handle the overwhelming number of security alerts. A look at how automation helps bring actionable intelligence amid the noise.

Enterprise cloud adoption is accelerating, with most companies taking a hybrid approach that entails migrating workloads to the public cloud where possible, and keeping workloads in a private cloud where appropriate.

Public cloud adoption rates among enterprises have increased from 89% in 2017 to 92% in 2018, while private cloud adoption has risen from 72% to 75%, according to RightScale. Companies are running applications on an average of three different clouds.

The explosion of traffic moving outside of the network perimeter creates troubling security gaps. According to the Cloud Security Alliance (CSA), the most dangerous cloud-specific vulnerabilities are data breaches, weak identity and authentication management, insecure APIs, system and application vulnerabilities, and account hijacking.

In response to these threats, companies have deployed an army of security tools that, while helping to secure multi-cloud environments, also generate an overwhelming number of alerts.

“It is not humanly possible to look at all of these alerts, to make sense of them and make them actionable,” says Bindu Sundaresan, practice lead at AT&T Security Consulting.

There was a time, before cloud and mobile, when perimeter-based security was adequate and security teams could handle alerts on their own. But today, “you need automation to get actionable intelligence from your events,” she says.

For example, one way to identify anomalous behavior is to set a baseline of typical network traffic. But every time an organization adds a new cloud application or instance, traffic patterns change. Without automation, it’s impossible to keep up.

In addition, regulatory requirements call for companies to identify, classify, contain, and report any breaches within 72 hours – while keeping the business up and running. Again, automation can help speed up incident response.

Automated incident response is designed to handle lower-level processes, freeing up analysts to handle more complex situations.

According to Gartner, interest in security automation and orchestration tools is driven by “the challenges from an increasingly hostile threat landscape, combined with a lack of people, expertise and budget.” Gartner predicts that by 2020, 15% of organizations with a security team larger than five people will be using automation and orchestration tools, up from less than 1% today.

Consider a managed service

Unless you have a fully staffed and funded Security Operations Center (SOC), it might make more sense to look into a managed security service. A managed service can provide security for your specific needs, and it can also leverage threat intelligence gleaned from analyzing a broad range of global threats.

The worldwide market for managed security is growing rapidly and is expected to reach $35.8 billion in 2020, driven by the need for companies to deploy advanced threat protection against increasingly sophisticated attacks, as well as pressure to comply with regulations, according to Global Industry Analysts.

Enterprises considering a managed security service need to make the same calculations that they made when considering whether to move to cloud computing. Which makes more sense: keeping things in-house and trying to do everything yourself, or going with a specialist? When it comes to protecting data in the cloud, the answer, increasingly, involves finding a trusted partner.

AT&T can help you with the complexity of cloud adoption and the security concerns around a cloud strategy. Find out more at AT&T Managed Cybersecurity Services.