Understanding the threat landscape and the kinds of security incidents – from reconnaissance and scanning to outright attacks – helps your security posture. That’s why technologies like intrusion detection are so widely used – with visibility into who’s hitting your network and what they’re trying to do, you are equipped to respond to attacks and harden your infrastructure.
But when you’re only looking at your own environment, it’s easy to miss important data. How do you know when a specific host is a known source of malicious traffic, or create signatures for the latest attacks before you’ve experienced them? For example, if a set of hosts has been responsible to launching SQL injection attacks against web applications at other organizations, it’s useful to know that and to block traffic from those IPs.
It’s no surprise, then, that information sharing is a hot topic in the IT security world. For example, Gartner is working on a project on information security practices, and security industry leaders have identified sharing and cooperation and key to protecting infrastructure. There are challenges to any organization participating, though. What data is being shared? Could the data fall into the wrong hands? Could sensitive data be inadvertently released? These challenges aren’t insurmountable but they do need to be considered.
Meanwhile, there’s a powerful source of shared security data that you might not realize you have: your cloud hosting provider and security-as-a-service provider. Cloud providers host infrastructure for thousands of end customers, giving them insight into infrastructure issues that no single organization would have on their own, and the means to use it to improve management. In fact, security provider Alert Logic, which works with many top providers including Virtacore, publishes an annual analysis of security data across their customer base. And on a day to day basis, Alert Logic incorporates these learnings into the services they provide for cloud users.
There’s strength in numbers when it comes to security data – just one of the advantage that a cloud provider with good security practices and partners can bring to you.