Almost every infrastructure consists of a large number of building blocks. Each block has its own purpose or function. Where connectivity is key, security components are used for specific purposes (e.g. proxies, firewalls, malware scanners, endpoint security, web application firewalls, load balancers, etc.).
The number and diversity of those products make them more difficult to control. Every weak link is therefore a challenge for the operational team, with a direct influence on the company.
Together, we take major steps in the area of virtualization (in a hybrid cloud environment) and scalability. Not only servers, but also networking (switches) and security devices and services are being virtualized.
What is the short-term solution?
API-driven infrastructures can offer a short-term solution. That means we must use the APIs intensively to configure, integrate and monitor. Components with real API support (not just basic functionality) are of course indispensable, as are DevOps skills. Altogether, API support is a requirement in each offer and architecture design.
Logging & visibility and the necessity of Machine Learning
All those components demand different logging. Logging in a virtualized (public cloud) environment can be quite different from what we know so far (mostly syslog). Therefore, we need good automation and smart, intuitive engines.
At the RSA Conference, machine learning techniques were an important subject. They can help us to continuously improve this process and to create an efficient set of tools through techniques such as Artificial Intelligence (AI).
To achieve this, we need the right skills and dedicated employees to perform the security operations successfully.