
Cloud Security Practices Playing Into Hands of Attackers

柴艺
Published 2021-01-15 12:27:01

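Of the 650 cybersecurity and IT professionals surveyed by Check Point Software Technologies in July, more than 80 percent said their traditional security solutions either do not work at all or provide only limited functionality in the cloud.

According to TJ Gonen, head of the company's cloud product line, this shows that enterprises' cloud migrations and deployments are outpacing their security teams' ability to defend against attacks and breaches.

"Their existing security solutions provide only limited protection against cloud threats, and teams often lack the expertise needed to improve security and compliance processes," Gonen said.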

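Security and Efficiency Lagging

However, the problem is not a lack of tools. Gartner forecasts that global spending on cloud security tools will reach $585 million in 2020, 33 percent more than in 2019.

"We are in a cyber arms race that has given rise to a security tool race, with adversaries' evolving attacks forcing us to spend more money trying to defend ourselves," said Jim Reavis, co-founder and CEO of the Cloud Security Alliance (CSA).

"Our default response is to adopt new tools to keep up, but we are losing this race as adversaries continue to outpace defenders," Reavis said. "We are increasing operations and personnel costs, but somehow decreasing security and efficiency. Our complex and costly operations are, in fact, increasing the probability of adversaries' success."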

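The CSA identified what it considers a critical gap: the lack of the ability to easily leverage and fuse the output of security tools with deployed threat intelligence.

Five issues prevent the development of this capability:

• The rapid pace of change in both security technologies and adversaries;

• Vendors focus on a "single pane of glass," a dashboard that visually represents event data. The problem here is that the wealth and diversity of event data and the pace of malicious activity are not easily represented on one dashboard. Therefore, buyers are reluctant to commit to a single pane because they have invested in training on the various security products they use.

• There is no readily implementable exchange protocol and data-labeling ontology.

• Integrating and processing disparate data sets from different security tools and intelligence sources is difficult because of different formats and protocols, the need to manage duplicates and redactions, and the importance of understanding context; and

• The shift from using software and products to secure systems to focusing on the data generated by the data systems.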

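Saru Nayyar, CEO of global security and fraud analytics company Gurucul, told TechNewsWorld that the CSA's comments are "valid in general but shouldn't be taken as a blanket statement."

"Conceptually, a single pane of glass can put all the important information directly in view," she contended. "It lets analysts focus on what's most important to their job. Properly configured, a single pane presents the relevant information in a single location based on each user's role, and allows the user to drill down into specific events, risks, threats, and so on, as needed, without losing context or swapping tools."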

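New Approach to Cloud Security

The CSA said last month that there is a need to "break the cycle set twenty years ago and place a new cornerstone for cyber defense: cloud-based, data-centric defense."

The paper states that using data-centric defense, integration and automation of tools, and overall architecture requires revising what intelligence means in the context of cybersecurity, building cyber memory, and building and maintaining secure, intelligent ecosystems.

Intelligence "must be defined as an organization's capacity to normalize, transform, and automatically extract actionable insight and context from internal security tools and external sources to reduce the mean time to detect and respond."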

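Building a cyber memory involves recalling event data gathered seamlessly from both internal security tools and external threats, instead of dealing with each event separately. Machine learning should be used to identify patterns so that malicious activity can be addressed more effectively.

Secure, intelligent ecosystems are cloud-based memory banks that continuously fuse and enrich data from internal security tools and external sources. This enriched data can automatically update cyber defense tools or be triaged for further action by analysts. Data from an individual ecosystem can be shared with other companies or organizations to form a collaborative defense ecosystem.

"This is not a call for a singular product but a new mindset to use 'intelligence' to integrate and automate data workflows from security tools and sources used within and between enterprises to create intelligent ecosystems," the paper states.

Check Point's Gonen said enterprises "need to get holistic visibility across all of their public cloud environments, and deploy unified, automated cloud-native protections, compliance enforcement and event analysis" to close the security gaps. "This way, they can keep pace with the needs of the business while ensuring continuous security and compliance."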

Original title: Cloud Security Practices Playing Into Hands of Attackers

Original text: More than 80 percent of 650 cybersecurity and IT professionals surveyed by Check Point Software Technologies in July said their traditional security solutions either do not work at all, or only provide limited functions in the cloud.

This indicates that organizations' cloud migrations and deployments are racing ahead of their security teams' abilities to defend against attacks and breaches, according to TJ Gonen, head of the company's cloud product line.

"Their existing security solutions only provide limited protections against cloud threats, and teams often lack the expertise needed to improve security and compliance processes," said Gonen.

Security and Efficiency Lagging

However, the problem is not a lack of tools. Gartner forecasts global spending on cloud security tools for 2020 will be $585 million, 33 percent more than in 2019.

"We are in a cyber arms race that has precipitated a security tool race with adversaries' evolving attacks forcing us to spend more to try to defend ourselves," said Jim Reavis, co-founder and CEO of the Cloud Security Alliance (CSA), which promotes the use of best cybersecurity practices in cloud computing.

"Our default response is to adopt new tools to try to keep up, but we are losing this race as adversaries continue to outpace defenders," Reavis stated. "We are increasing operations and personnel costs, but somehow decreasing security and efficiency. Our complex and costly operations are, in fact, increasing the probability of adversaries' success."

The CSA identified what it considers a critical gap: the lack of capability to easily leverage and fuse output from security tools with threat intelligence deployed.

Five issues prevent the development of this capability:

  • The fast pace of change in both security technologies and adversaries;
  • Vendors focus on a "single pane of glass," or dashboard that visually represents event data. The problem here is that the wealth and diversity of event data and the pace of malicious activity are not easily represented on one dashboard. Therefore, buyers are reluctant to commit to a single pane because they invested in training on the various security products they use.
  • There is no readily implementable exchange protocol and data-labeling ontology.
  • Integrating and processing disparate data sets from different security tools and intelligence sources is difficult due to different formats and protocols, managing duplicates and redactions, and the importance of understanding context; and
  • The shift from using software and products to secure systems, to focusing on the data generated by the data systems.

The CSA's comments are "valid in general but shouldn't be taken as a blanket statement," Saru Nayyar, CEO of global security and fraud analytics company Gurucul, told TechNewsWorld.

"Conceptually, a single pane of glass can put all the important information directly in view," she contended. "It lets analysts focus on what's most important to their job. Properly configured, a single pane presents the relevant information in a single location based on each user's role, and allows the user to drill down into specific events, risks, threats, et cetera, as needed -- without losing context or needing to swap tools."

New Approach to Cloud Security

IT needs to "break the cycle set twenty years ago and place a new cornerstone for cyber defense: cloud-based, data-centric defense," the CSA stated last month.

Using data-centric defense, integration, and automation of tools and overall architecture requires revising what intelligence means in the context of cybersecurity, building cyber memory, and building and maintaining secure, intelligent ecosystems, the paper states.

Intelligence "must be defined as an organization's capacity to normalize, transform, and automatically extract actionable insight and context from internal security tools and external sources to reduce the mean time to detect and respond."

Building a cyber memory involves recalling event data gathered seamlessly from both internal security tools and external threats, instead of dealing with each event separately. Machine learning should be used to identify patterns to more effectively and efficiently address malicious activity.

Secure, intelligent ecosystems are cloud-based memory banks that continuously fuse and enrich data from internal security tools and external sources. This enriched data can automatically update cyber defense tools or conduct triage for further action by analysts. Data from an individual ecosystem can be shared with other companies or organizations to form a collaborative defense ecosystem.

"This is not a call for a singular product but a new mindset to use 'intelligence' to integrate and automate data workflows from security tools and sources used within and between enterprises to create intelligent ecosystems," the paper states.

Enterprises "need to get holistic visibility across all of their public cloud environments, and deploy unified, automated cloud-native protections, compliance enforcement and event analysis" to close the security gaps, said Check Point's Gonen. "This way, they can keep pace with the needs of the business while ensuring continuous security and compliance."

This article is a translation of a foreign-language article.

In case of infringement, please contact cloudcommunity@tencent.com for removal.
