CyberEye

By Patrick Marshall

Blog archive
Lightning strike from a cloud

Can the cloud provide the best strategy for security?

Security is evolving from a do-it-yourself operation — loading software on a device or attaching a box to a network — to managed, hosted services leveraging the anytime/anywhere scalability of the cloud for large-scale analytics that were not practical before.

No one yet is seriously suggesting getting rid of firewalls and antivirus detection, but it has been painfully obvious for some time that by themselves, they are not adequate protection. Intelligence-based security is being touted as the way to counter more complex attacks against high-value targets, and the emergence of cloud computing now offers a way to gather enough intelligence and analyze big data fast enough to effectively spot malicious activity.

“We do not look for malware, we do not look for exploits,” said Dmitri Alperovitch, CTO of CrowdStrike, which has announced its first cloud-based security offering. “We look at what is being done, rather than how.”

The CrowdStrike Falcon Platform is one of the latest in a growing number of services offering security from the cloud, rather than security for the cloud. Another recent announcement in this field is the integration of global attack data into Risk I/O's cloud-based platform, which uses big data and predictive analytics to help prioritize vulnerability data. Other companies with cloud-based security services include the Appthority, Check Point, Fortinet, Okta, Symantec, Veracode and Zscaler.

Moving security out of the box and even out of the enterprise can help to address a new generation of adversaries using layered attacks to methodically find weaknesses, penetrate systems, escalate privileges and then quietly observe and export data. Intelligence is needed not just to detect these attacks, but to respond to them.

In the past, knowing who you were up against wasn’t necessary to security. You spotted the attack, and you blocked it. But, “if you are being targeted by a determined adversary, they are not going to stop because you block them,” Alperovitch said. “They are going to keep it up until they get in. They can spend years at it.”

CrowdStrike’s approach to active defense has a decidedly military and intelligence flavor. It takes a strategic view with an emphasis on knowing your enemy, not just the weapon. Most of the more than 4,000 organizations tracked for its Adversary Intelligence database are nation-sponsored. Its goal is not to stop every malicious attempt.

“You can’t block every attack,” Alperovitch said. “And sometimes blocking is not the best strategy.” If you spot and identify someone engaged in spying or espionage, the best strategy might be to string him along and watch him, “to better understand his tradecraft.”

The goal is to raise the bar for attackers, making their craft more difficult and expensive. This can mitigate one of the great advantages attackers have; it is dramatically cheaper to launch an attack than it is to defend against it, resulting in a very high return on investment for successful attacks. Recognizing sophisticated techniques “doesn’t eliminate all activity, but it dramatically raises the cost of intrusion,” Alperovitch said.

It is too early to say what impact the cloud and big data analytics will have on security, and it’s a pretty safe bet that it won’t solve every problem. But it is an attractive option for concentrating resources where they are most needed.

Posted by William Jackson on Jun 20, 2013 at 6:02 AM


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.