Yesterday saw the launch of Cloud Defender, a hosted security intelligence technology from Alert Logic.
I recently had the opportunity to meet the company’s founder and current vice president of strategy and emerging products, Misha Govshteyn, to discuss what the company is offering to the UK, just a few weeks after opening its first security operations centre in the UK.
He said the company has been in operation since 2002 and was one of the first software as a service (SaaS) security players, as it did “IDSaaS” early on. Since the whole premise was that “the intrusion detection system by itself is useless, it needs to have a correlation engine built into it”, it later added vulnerability and log management, and recently added a WAF through an acquisition.
He said: “If you look at the way the products are positioned, we cover every layer of the infrastructure and everything that runs in the data centre. We are not a mobile or endpoint security vendor, we care about endpoint to extent that there could be malware running on servers, but we are highly focused on enterprise data centre assets and mostly with the cloud, so 80 per cent of our customers are in the cloud or hosted environments, which is unique.”
I asked him whether new customers come to the company looking for cloud-based security. He said that the common break-up is: people either looking for a blanket security solution because they have not realised that the cloud is materially different from what you do on premise, or for mobile devices or endpoints; or clients who do cloud-based deployments, have looked into their current security stack and realised it is a different ballgame.
“You cannot put a standard firewall into the cloud and you cannot have a standard client server deployment as everything has to support a ‘quicksand’ architecture where everything has to change at any moment,” he said. “Cloud security has to be purpose built for the cloud, and most people don’t realise it and they realise need to build a different stack completely.”
Govshteyn admitted that it is logical to have anxiety about having your data stored somewhere that is not internal or managed directly by you, but if you go layer by layer and look at the details, that anxiety does not hold up.
“Look at the certifications that Amazon maintain, there is not a single enterprise that could maintain the same level of compliance that Amazon does,” he said.
“Tell me an enterprise that could tell you when you touch all your servers and modify all your data – in Amazon you do and the level of visibility and control is higher and higher. In terms of facilities, it is there to build a more secure infrastructure and it blows away anything you can do on premise as most enterprises do just enough to get by, as it is so difficult to put each control in place.”
He said that the big problem with enterprises is that they cannot keep their networks up to date, they are full of vulnerabilities and everything is out of date. “As soon as they install a system, it is vulnerable and then patch it and then it’s out of date,” he said.
He claimed that it is “dramatically” better in the cloud, as you bring up a new system and close the old one, so manageability is better as well as more secure: there are fewer vulnerabilities, the number and variety of attacks is lower, so environments are easier to manage.
Referring to its own report, Govshteyn said that the top three vectors for on premise are: brute force attacks, malware and reconnaissance incidents. “In the cloud it is web application attacks, brute force again and system flaws; you do need a different stack in cloud than on premise,” he said.
He did admit, though, that cloud security requires a different skill set, as the company finds that network security staff cannot make sense of application flaws. “In the cloud you have got to go full stack and you need something for the web layer, something for the systems and one for the network, and you cannot leave any one open,” he said.
He admitted that security as an industry is trying to solve a problem of addressing new threats with new solutions and tools, but users are learning about this for the first time, and it doesn’t make sense.
“Our customers ask what IDS and WAF is and we explain, and ask us which to buy,” he said. “Really they should buy both for both of those layers, and they ask why [they need] both products when essentially they do the same thing. We need to put a different product proposition in over time.”
While acronyms can be confusing, Govshteyn said that people have no idea what they are but love the complication as it assures job security, and if no one can figure it out then you have a job.
He said: “The problem we are trying to move away from is that fundamentally we don’t think that people can run their own infrastructure and it is too complex, so it should be integrated and managed and someone should be responsible for what they are working on, and for our customers it is us.”
Misha Govshteyn, vice president of strategy and emerging products at Alert Logic, was talking to Dan Raywood