
Issue link: https://hub.dyn.com/i/1119883


and alerting. Bringing logs from the multicloud environment into an existing log collection system makes the most sense because your team is already comfortable with the tool. The log aggregation tool makes your life a lot easier and makes your security team much more effective because it takes the disparate log sources, normalizes them, and presents them to the security team in a manner that is standard across all systems and providers. This normalization and standardization allows security teams to better monitor and prioritize alerts. Instead of running around trying to fix every alert that comes through, the team can focus on the highest priority alerts first and work its way down the list.

To truly enhance the effectiveness of your security monitoring solution, consider sending asset and vulnerability scan results to your log aggregation system (assuming it supports that type of data). This allows for even more effective correlation. For example, if your SIEM alerts you to a potential XSS attack against your web application, you can quickly pivot to asset information to see whether the target system is running any applications that are vulnerable to that type of attack. The answers to these questions enable teams to assign the most accurate priority level to the alert and respond accordingly.

Your chosen logging platform should use data analytics technology to process incoming logs and rank them by the priority of the event, adding additional weight to an event that can be correlated across multiple systems and across multiple cloud providers. Using those same analytics, the log aggregation platform can help reduce the number of high-priority alerts from hundreds per day to dozens. Just as containers help organizations seamlessly deploy complex systems across multiple cloud providers, an effective log aggregation tool provides the same picture of a security alert across all systems and cloud providers.
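The normalization and correlation described above, as an added example that is not from the ebook: constructed events from two hypothetical providers are mapped onto one schema, enriched with constructed scan results, and weighted when the same source and technique are reported by more than one provider. The provider names, field names and scoring weights are assumptions.

```python
"""Added example: normalize constructed multicloud alerts, enrich them with
constructed asset/vulnerability scan data, and weight cross-provider hits."""

# Constructed sample events; the field names imitate two providers' schemas.
RAW_EVENTS = [
    {"provider": "cloud-a", "rule": "xss-attempt", "dst_host": "web-01", "src_ip": "203.0.113.7"},
    {"provider": "cloud-b", "detection": "XSS", "target": "web-02", "client": "203.0.113.7"},
    {"provider": "cloud-a", "rule": "port-scan", "dst_host": "db-01", "src_ip": "198.51.100.9"},
]

# Constructed scan results: vulnerability classes each asset is exposed to.
SCAN_RESULTS = {"web-01": {"xss"}, "web-02": set(), "db-01": {"sqli"}}

# Per-provider field maps (assumed) turn disparate schemas into one record.
FIELD_MAPS = {
    "cloud-a": {"alert": "rule", "asset": "dst_host", "source": "src_ip"},
    "cloud-b": {"alert": "detection", "asset": "target", "source": "client"},
}


def normalize(event):
    """Map one provider-specific event onto the standard alert schema."""
    m = FIELD_MAPS[event["provider"]]
    return {
        "provider": event["provider"],
        "alert": event[m["alert"]].lower().replace("-attempt", ""),
        "asset": event[m["asset"]],
        "source": event[m["source"]],
    }


def prioritize(raw_events, scan_results):
    """Score alerts: base 1, +2 if the asset is scanned vulnerable to the
    alerted attack class, +1 if the same source/technique pair was seen by
    more than one cloud provider. Returns highest priority first."""
    events = [normalize(e) for e in raw_events]
    seen_by = {}  # (alert, source) -> set of providers that reported it
    for e in events:
        seen_by.setdefault((e["alert"], e["source"]), set()).add(e["provider"])
    scored = []
    for e in events:
        score = 1
        if e["alert"] in scan_results.get(e["asset"], set()):
            score += 2  # the target really is exposed to this attack class
        if len(seen_by[(e["alert"], e["source"])]) > 1:
            score += 1  # correlated across multiple cloud providers
        scored.append({**e, "priority": score})
    return sorted(scored, key=lambda r: r["priority"], reverse=True)
```

With the constructed input, the XSS alert against the host whose scan shows an XSS exposure rises to the top, while the same technique against an unexposed host is ranked by its cross-provider correlation alone.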
Such a unified view allows your incident response (IR) team to deal with an incident more efficiently, hopefully stopping the attack before it can do any damage.

Conclusion

Multicloud environments come with their share of security challenges. That's why security should be factored into the architecture
