Static Cloud Security Is Obsolete; Long Live Continuously Adaptive Cloud Security!

May 17, 2016 — by Haim Zelikovsky0

main

Cloud SecuritySecurity

Static Cloud Security Is Obsolete; Long Live Continuously Adaptive Cloud Security!

May 17, 2016 — by Haim Zelikovsky0

Successfully protecting against web-based attacks is like trying to win a game that keeps changing its rules all the time… only nobody tells you what the new rules are! Static cloud security services cannot help you win the web security game. Only cloud security services that continuously and automatically adapt to the rapidly evolving threat landscape and protected assets can assure you are well prepared to anything that will be thrown at you… even as the rules continuously change!

In the web security arena, everything changes very fast. The threat landscape rapidly evolves. Zero-day attacks are launched on a daily basis, exploiting newly discovered vulnerabilities for which signature are not available yet. Attackers hide their attack vectors, and scraping bots hide their identities behind CDNs and dynamic IPs, avoiding any simple blacklisting technique trying to block them. In such a rapidly evolving battleground, static cloud security services cannot protect you. Static cloud security services utilize negative security models that identify attacks based on the signatures of attack vectors, and block attackers and bots using IP blacklisting mechanisms. Unfortunately, that can’t help you with zero-day or dynamic IP attacks.

Meanwhile, the assets you need to protect are notoriously changing all the time, continuously introducing new vulnerabilities that may be exploited by attackers. With static cloud security services, you have to tell whenever you launch new applications or introduce changes into existing ones, and manually change your security policies accordingly. This manual process quickly gets out of control as developers that use continuous delivery methods launch release new versions on a daily basis. As a result, your protected assets are introduced with new vulnerabilities that static cloud security services cannot detect and mitigate.

[You might also like: Cloud-Based or Provider-Managed DDoS Mitigation: Which is Right for Your Organization?]

So how do you win a game in which the rules keep changing all the time?

It’s simple. All you need to do is to implement a cloud security service that continuously and automatically adapts to the evolving threat landscape and protected assets. You can’t do that with static cloud security services. To make sure you are continuously protected, you’ll need a cloud security service that implements a positive security model, which means it can tell what your legitimate traffic looks like, and then block anything else. This would get you full protection from zero-day attacks, and from attacks using dynamic IP techniques. In addition, a continuously adaptive cloud security would automatically identify new applications that you launch, analyze their potential vulnerabilities, and tailor them an appropriate security policy.

Radware Cloud Security Services are the first continuously adaptive cloud security service. With positive security models and behavioral analysis technology, they provide automatic protection against zero-day attacks. With IP agnostic fingerprinting technology, attackers and bots are blocked even when they try to hide behind CDNs and dynamic IPs. New applications are automatically discovered, and security policies are automatically created for them. This way, Radware Cloud Security services keep you protected… even while the rules of the games keep changing!

cloud-adoption

Read “7 Things to Look for in a Cloud Security Service” to learn more about how the expanded portfolio of cloud security services continuously adapts in step with evolving threats and ongoing development of applications.

Download Now

Haim Zelikovsky

Haim is responsible for the cloud services business of Radware. Prior to Radware, Haim was Head of Cloud Security Services at Check Point where he established and led Check Point’s cloud services unit. Before that he was Vice President at Amdocs, where he was responsible for Amdocs’ core products, and Vice President at Comverse, where he established and led the Content Delivery business unit. Haim is also an avid entrepreneur, and founded several start-up companies across the last two decades. Haim holds an MBA from Tel Aviv University, and an MSc from Swinburne University of Technology.  

Leave a Reply

Your email address will not be published. Required fields are marked *