tl;dr: Long ago, enterprise IT created techniques to acquire, monitor and troubleshoot security threats in the data center. But the costs of managing this process remained the IT budget’s kryptonite thanks to purchasing, licensing fees and that soft, but often extreme, cost of human capital. Now, as apps and resources are migrated to the public cloud, how can automation help keep staffing costs to a minimum? Cloud agents that acquire, process and distribute packets might just be the superhero in the cloud.
IT leaders know about the many fixed costs that come with turning on cybersecurity detection in their data centers. In that traditional data center, where racks of equipment and capital investment hum, IT teams regularly use detection-based security tools to prevent threats, identify potential hacks and analyze traffic patterns. So organizations budget for both the purchase price and licensing fees associated with deploying these vital security tools.
But there are additional hidden expenses, including the time it takes to manage these tools and the people resources required to keep the network system free from hacks and threats. These hidden costs to triage threats, rebuild compromised machines, and issue emergency patches can be significant and hard to curtail.
In the public cloud, however, the ability to tackle hidden costs becomes easier thanks to automation. Organizations migrating apps and resources to the cloud quickly discover that the logs provided by these networks aren’t adequate. As they have done in the data center, SecOps must be able to acquire, process and distribute packets in the cloud to ensure confidence and maximize these cloud resources – all while reducing human resource costs associated with managing security.
Consider this hypothetical situation.
A request comes in to the SOC team. SOC says they will use a security tool to troubleshoot. They log in and use the tool to provide detailed analysis and respond to the request. Normal operating procedure in the data center. Right?
Now let’s apply this scenario to the public cloud.
What if the IT organization could eliminate this request/response situation entirely? What if, instead of opening a ticket and relying on people to capture and analyze cloud packets, create a report and respond to the request, the entire process were automated?
The capability to take cloud security to the self-serve level is here today. The enterprise IT function can operate in the cloud with the confidence it requires by simply deploying cloud agents designed to acquire, process and distribute packets. It’s cost-effective, seamless and efficient. And it works!
Using key-value pairs in AWS, for example, SecOps can use AWS tags to identify targets for visibility capture, NetFlow generation, or other services, along with a cloud agent (Nubeva Prisms) to mirror traffic from that endpoint. Packets are then captured and sent to the appropriate security tool – giving the team detailed insight into the issue in question.
IT organizations can further reduce human capital costs by pre-building the policy with the Nubeva Prisms agent. When DevOps needs to troubleshoot a security issue, the team logs into the AWS console and adds an AWS tag. Within seconds Nubeva Prisms reads the tag and begins sending corresponding packets to the tool so DevOps can troubleshoot. SecOps is hands off – they simply provision the AWS tag. This fire-and-forget process saves time and additional staffing resources often required for 24/7 monitoring and analysis.
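The tag-driven flow described above, sketched as an added example; it is not Nubeva's code and does not reflect how Prisms is implemented. The policy table, the `capture` tag key, the tool hostnames and the instance IDs are constructed assumptions, and the inventory records follow the shape of instance entries returned by EC2 `DescribeInstances`.

```python
# Pre-built policy (constructed): (tag key, tag value) -> service and destination tool.
POLICY = {
    ("capture", "ids"): {"service": "mirror", "tool": "ids.example.internal"},
    ("capture", "netflow"): {"service": "netflow", "tool": "flow.example.internal"},
}

# Constructed inventory, shaped like instance entries from EC2 DescribeInstances.
INSTANCES = [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"},
     "Tags": [{"Key": "capture", "Value": "ids"}]},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"},
     "Tags": [{"Key": "Name", "Value": "web"}]},
    {"InstanceId": "i-0ccc", "State": {"Name": "stopped"},
     "Tags": [{"Key": "capture", "Value": "netflow"}]},
    {"InstanceId": "i-0ddd", "State": {"Name": "running"},
     "Tags": [{"Key": "Capture", "Value": "ids"}]},  # wrong case: will not match
]


def desired_sessions(instances, policy):
    """Map each running instance whose tags match the policy to (service, tool)."""
    sessions = {}
    for inst in instances:
        if inst["State"]["Name"] != "running":
            continue  # a stopped endpoint produces no traffic to mirror
        for tag in inst.get("Tags", []):
            # AWS tag keys and values are case-sensitive, so match exactly.
            rule = policy.get((tag["Key"], tag["Value"]))
            if rule:
                sessions[inst["InstanceId"]] = (rule["service"], rule["tool"])
    return sessions


def reconcile(active, desired):
    """Return (to_start, to_stop) so active sessions converge on the tagged set."""
    # A session whose service or tool changed is listed in to_start again.
    to_start = {i: s for i, s in desired.items() if active.get(i) != s}
    # Removing the tag removes the instance from desired, which ends its capture.
    to_stop = sorted(i for i in active if i not in desired)
    return to_start, to_stop


if __name__ == "__main__":
    desired = desired_sessions(INSTANCES, POLICY)
    print(reconcile({"i-0bbb": ("mirror", "ids.example.internal")}, desired))
```

Because adding a tag is what starts a capture, permission to create or change that tag key is effectively permission to mirror the endpoint's traffic, so it should be scoped in IAM accordingly.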
The savings are in the automation. When IT organizations can automate and simplify how they monitor the apps and resources in the public cloud, monitoring stops being a burden and the organization starts leveraging the benefits of using the cloud in the first place!
To learn more about how Nubeva Prisms technology enables the acquisition, processing and distribution of cloud packets to security tools, visit us at www.nubeva.com.