Shared Responsibility Model, Security Framework and Applying AI Deep Learning
With agentless implementation, automated pre-trained AI models, and automated threat defense that requires no post-analysis human triage, Blue Hexagon can be up and running quickly, providing immediate value to your organization. – Gajraj Singh, CMO, and Arun Raman, VP
Migration to the cloud. If your organization hasn’t already made the move, you likely will in the very near future. Whether for hosting data, providing services and applications to remote employees, or simply streamlining IT and security, the cloud is increasingly the center of corporate operations. And, platforms such as Microsoft Azure are the foundation of these new systems.
Cloud migrations create entirely new cybersecurity issues for organizations. While cloud providers place great emphasis on security, hackers and cybercriminals frequently remain a few steps ahead. Not only do attackers innovate rapidly, constantly finding new ways to exploit network and cloud service vulnerabilities, but hackers also continually increase the frequency of their incursions.
What many companies don’t realize when they move to a cloud platform is that security is not the sole responsibility of their cloud providers. Instead, organizations retain substantial responsibility for securing their networks, workloads and services. Even companies that do understand their obligations are often not well-equipped to meet the challenge. Some lack staff due to the talent gap among cybersecurity professionals, some lack sufficient resources to develop effective cybersecurity programs, and some are simply using the wrong or poorly designed tools for their cloud needs.
But there are effective solutions to help companies manage the security of their cloud workloads simply and effectively. The Blue Hexagon Cloud Security platform couples advanced deep learning techniques with agentless implementation to give Microsoft Azure users a comprehensive, highly effective, and immediately available modern toolset for threat detection and remediation.
Shared responsibility model in Microsoft Azure
Organizations running cloud workloads need to fully understand their security responsibilities. The level of responsibility varies depending on the types of cloud services in use.
Cloud providers are always responsible for the security of their own physical infrastructure. According to research done by Freshbooks, nearly three-quarters of companies that have not migrated to the cloud cited data security risks as their chief reason for not making the transition.
It’s true that the more control cloud users retain over their cloud systems, the more security responsibility they have.
For example, companies with infrastructure-as-a-service (IaaS) platforms must carry the entire security burden for operating systems, network controls, applications, and identity and directory services. In contrast, software-as-a-service (SaaS) platforms leave the company with a more limited range of responsibilities. With SaaS, the company and the cloud provider share security obligations for services such as identity and directory infrastructure.
Microsoft provides a summary of the full scope of the shared responsibility paradigm on their Azure website.
Weaknesses of existing security platforms
Further complicating the process of securing corporate systems is the limitation of the currently available range of legacy security tools. Many existing platforms for on-premises network protection are of limited effectiveness in protecting cloud workloads. And, even many initial versions of cloud-first security tools are falling behind due to outdated analytical methods or cumbersome and difficult configuration and management.
Cloud Security Posture Management (CSPM) tools, for instance, are currently in wide use for identifying cloud configuration faults. But many first-generation CSPMs have their own shortcomings. They frequently provide security staff with large numbers of potential issues that are often not actionable. More problematically, they cannot identify runtime risks or threats. Indeed, many early-stage CSPM vendors are scrambling to provide some runtime coverage but have limited ability to inspect and analyze traffic and files in real time.
Cloud Workload Protection Platforms (CWPP) focus on securing server workloads in IaaS systems. But most are agent-based and challenging to deploy uniformly in the cloud. The agents themselves are also susceptible to attacks, including supply-chain and other vulnerability-based attacks. Moreover, CWPP management can be quite difficult.
Lastly, on-premises security tools such as Network Traffic Analysis (NTA) also have limitations when applied to ephemeral cloud workloads. Among other issues, NTA in the cloud environment is noisy and requires extensive manual tuning.
So, how can Azure clients effectively secure their cloud environment?
Meet your security responsibilities with Blue Hexagon Cloud AI-Security
Blue Hexagon applies highly advanced deep learning methods in an agentless implementation for effective, real-time risk assessment in VMs, containers, Azure Kubernetes Service, and Serverless functions.
Blue Hexagon offers several advantages over current versions of available tools such as first-generation CSPM and CWPP, giving Azure clients more rapid and thorough cloud security control and visibility as well as threat assessment and defense, including zero-day malware.
- Agentless – Because Blue Hexagon collects data through cloud-provider APIs rather than relying on agents, it is simpler to implement and more secure than other tools. Blue Hexagon seamlessly embeds on the compute, network and control planes, without the additional management typically required for agents.
- Advanced AI Deep Learning – Blue Hexagon’s deep learning engine processes millions of traits from the compute, network, and control planes and adds context from more than 150 continuous security misconfiguration checks to provide advanced threat and misconfiguration detection. Unlike other security tools, the deep learning engine does not require time-consuming and ineffective baselining processes or alert tuning. It also outperforms other anomaly detection methods because its contextual analysis allows it to specifically identify and name threats, saving your security team time and effort.
- Comprehensive Threat Detection – Blue Hexagon has a wide range of advanced threat detection features that effectively identify advanced tactics such as command-and-control (C&C or C2) beaconing, data exfiltration over regular or alternate channels, and resource access and abuse. And, because of its deep learning analysis of Azure Activity and NSG Flow logs, it can quickly identify unauthorized activities such as account discovery, asset enumeration, privilege escalation, and updates to security controls such as security groups and ACLs.
- Autonomous Response – Blue Hexagon includes native, fully autonomous response that can stop threats immediately upon detection. It coordinates with other cloud-native integrations, including Azure Sentinel and Defender ATP, to provide orchestrated real-time attack defense and remediation.
- Consolidated Dashboard – Blue Hexagon consolidates security logs and metadata across even complex multi-cloud environments and posts its results and recommendations in a single, easy-to-understand user dashboard. The dashboard provides suggestions for correcting misconfigurations and allows coordination of threat remediation with both Azure native and ecosystem security services.
With agentless implementation, automated pre-trained AI models, and automated threat defense that requires no post-analysis human triage, Blue Hexagon can be up and running quickly, providing immediate value to your organization. To find out more about how Blue Hexagon can help you secure your Microsoft Azure cloud environment, visit the Blue Hexagon website.
Protecting the Azure Cloud is just one of the applications of the Blue Hexagon Cloud-Native AI-Security Platform. This same platform powers the Blue Hexagon Agentless Multi-Cloud AI Security, which provides actionable visibility, real-time threat defense, and continuous compliance for your entire cloud environment in AWS, GCP, and Azure. It is platform-agnostic, works in real-time, and can be configured for an autonomous response.