For the last several years, an increasing number of organizations across the world have been realizing the benefits that virtualized infrastructure can offer. So much so that recent numbers show 80% of organizations have already adopted a multi-cloud strategy. As a managed service provider (MSP) who has been driving public and private cloud-based solutions for over six years, cloud technology is at the forefront of our go-to-market strategy with clients. ECS partners with leading cloud service providers (CSPs) like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud to support these clients at every stage of the cloud adoption life cycle. What we’ve found throughout this time is that as users rush to adopt cloud into their short-term strategies, security is often left as an afterthought in an attempt to maintain the key business advantages they sought in the first place. This is the mentality that ECS is aiming to change.
At ECS, our job is to make sure that security helps to enable business in the cloud, not inhibit it. As a result, one of the key technologies we’ve been implementing with our clients is a virtual intrusion prevention system, or virtual IPS (vIPS), allowing us to expand protection across virtualized environments.
Shared responsibility: who’s watching?
The cloud service shared responsibility model proposes that CSPs and consumers share the burden of security in the cloud. A common misconception about the CSP’s role is that the provider automatically watches the traffic to your assets and will help stop a suspected attack. In practice, CSPs are focused on enforcing rules that you, the asset owner, define at the network level.
Even after you and your security team configure your CSP to track traffic volume across your network, a challenge remains: you’re still in the dark about some critical details. What is the type of traffic or traffic payload flowing through your network? Is the traffic malicious? Here’s where your virtual IPS can shed some light.
Why vIPS matters
An intrusion prevention system goes beyond the basic security features of your CSP or traditional network security products by digging deeper into your east-west traffic and evaluating that traffic for context. When deployed between your web server and database, an IPS can give your security team a real-time view of the east-west traffic flowing through your network. Using advanced inspection technologies like full protocol analysis, threat reputation, behavior analysis, and advanced malware analysis, vIPS can help detect and defend against known and unknown zero-day attacks. Your team will be able to quickly discover and block threats in virtual architectures to help protect workloads and restore confidence in the cloud.
How we can help
As a certified MSP of McAfee solutions, we deploy and support the McAfee Virtual Network Security Platform (vNSP), McAfee’s virtual IPS solution for AWS, and Microsoft Azure environments. Whether you already own McAfee vNSP or are doing your market research, security in the cloud just got easier. We have successfully extended our clients’ network security stance and governance into Amazon and Microsoft Cloud environments along with their on-premise virtualized infrastructure. We have deep expertise interfacing with customer DevOps and IT teams to ensure deployment and operations success.
Here are a few things to consider if you are looking to deploy a virtual IPS solution:
- Whenever implementing a virtual IPS solution, be sure to add exclusions to your endpoint security or virtual network ACL’s to ensure a smooth deployment.
- Leverage your existing automation to rapidly scale a new deployment. For example, bake the virtual IPS agent into your DevOps playbook or leverage existing infrastructure, such as McAfee ePO or Cloud Workload Security, to easily deploy to your virtual assets.
- An analyst best practice would be to create signatures designed to catch unauthorized meta-data reconnaissance activity: in other words, catch malicious actors operating in your environment.
Find out more
The ECS cyber team is a McAfee Managed Service Provider delivering McAfee vNSP to customers of all sizes, in the public sector and commercial markets. Find out more by contacting our team at cyber@ECStech.com.