
OreillyMultiCloudFinalEBOOK


Issue link: https://hub.dyn.com/i/1119883

Page 34 of 57

Asset Management at the Edge

Before security teams can properly manage and protect the edge of the organization, they need to know what systems are out there. Good asset management is fundamental to good edge security. Security teams need to know what is deployed in each instance of a multicloud environment and on what hardware each of those systems is running. Asset management should not be a static process. Just as the development cycle is no longer a static cycle, measured in six-month or year-long intervals, asset management should be dynamic with continuous monitoring of assets deployed to the cloud.

One thing that all systems deployed to the edge have in common is that they are publicly accessible. This requires a different type of security strategy, compared to systems that are not deployed to the edge. Managing and securing edge devices requires security teams to distinguish between legitimate traffic and potentially malicious traffic. It also requires teams to block malicious traffic in real time. Isolation is far less feasible. The edge infrastructure is publicly accessible, which makes it a target. It might be a target of convenience, or it might be a malicious actor looking specifically to expose your organization's data. Either way, you need to closely monitor traffic hitting edge systems for potential attacks. Looking for known exploits alone is not enough. It's also important to look for malicious traffic that might not contain indicators of a known attack.

Finally, your security team needs to be able to correlate malicious activity across all edge devices and internal systems. Attacks, especially targeted attacks, no longer occur at a single point. An adversary will probe as many attack vectors as they can find. If the "security" for your edge devices sits in a console window separate from the rest of your security infrastructure, it can be difficult to make that correlation. The security team should be able to pull logs and traffic information from edge devices and quickly correlate that with other security incidents happening on your network. This ideally should happen within the security tools your organization primarily uses, whether that is a SIEM system, a managed security service provider (MSSP), or some other security tool.

Building on the secure development principles discussed in Chapter 2, the first steps to secure the edge of your network involve good asset management of cloud infrastructure, effective monitoring of

Edge Management Principles | 29
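The cross-source correlation described above can be sketched as follows. This is an added example, not code from the ebook: it groups normalized events by client IP and reports any address seen by two or more systems, at least one of them at the edge, within a short time window. The system names, event fields, 15-minute window and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the ebook), already normalized to
# (timestamp, source system, kind, client IP, detail). IPs are documentation ranges.
EVENTS = [
    ("2024-05-01T10:00:05", "edge-waf", "edge",     "203.0.113.7",  "blocked request /admin"),
    ("2024-05-01T10:02:40", "edge-dns", "edge",     "203.0.113.7",  "burst of NXDOMAIN lookups"),
    ("2024-05-01T10:06:10", "vpn-auth", "internal", "203.0.113.7",  "failed login"),
    ("2024-05-01T10:07:00", "edge-waf", "edge",     "198.51.100.9", "blocked request /login"),
    ("2024-05-01T13:30:00", "vpn-auth", "internal", "198.51.100.9", "failed login"),
    ("2024-05-01T10:09:00", "edge-cdn", "edge",     "192.0.2.44",   "rate limit hit"),
]

def correlate(events, window=timedelta(minutes=15)):
    """Return {ip: [events]} for IPs seen by two or more distinct systems,
    at least one of them an edge system, within `window` of each other."""
    by_ip = defaultdict(list)
    for ts, system, kind, ip, detail in events:
        by_ip[ip].append((datetime.fromisoformat(ts), system, kind, detail))

    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()  # time order
        # From each starting event, collect everything inside the window and
        # report the first cluster that spans two systems including the edge.
        for i, (start, *_rest) in enumerate(rows):
            cluster = [r for r in rows[i:] if r[0] - start <= window]
            systems = {r[1] for r in cluster}
            has_edge = any(r[2] == "edge" for r in cluster)
            if len(systems) >= 2 and has_edge:
                findings[ip] = cluster
                break
    return findings

if __name__ == "__main__":
    for ip, cluster in correlate(EVENTS).items():
        print(ip, "seen by", sorted({r[1] for r in cluster}))
        for when, system, kind, detail in cluster:
            print(f"  {when.isoformat()} {system:9} {kind:8} {detail}")
```

An address that trips only one edge control, or whose edge and internal events are hours apart, is not reported at the default window; widening the window trades fewer missed slow probes for more noise.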
