Learn why IDS/IPS is not only relevant in the cloud but required for enterprises.
As organizations moved to the cloud, many we’ve spoken with about securing workloads in public cloud asked an important question: since I don’t manage infrastructure anymore (well, mostly), do I still care about infrastructure-level security like IDS/IPS? The short answer is yes, you should. Here is why…
As enterprises make the leap to the public cloud (AWS, Azure, Google Cloud Platform, and Oracle), some security problems fade (e.g., infrastructure patching, defending against SYN attacks, physical security), while other challenges arise. The public cloud is a highly dynamic environment where rapid deployment of infrastructure and apps is the norm and infinitely scalable services are everywhere. Environments like these require highly scalable security to protect them against threats that target the infrastructure and applications that live within.
Traditionally, Intrusion Detection and Prevention Systems (IDS/IPS) provide real-time protection against network attacks, exploits, and exposures in application code and operating systems that workloads run on. But is IDS/IPS still relevant in the cloud? We look at network-based IDS/IPS for enterprises in the cloud in AWS, Azure, GCP (Google Cloud), and OCI (Oracle) – and find it’s more relevant than ever.
Considerations: Shared Responsibility, App Variety, and the Nature of Threats
Some cloud considerations for Intrusion Detection and Prevention Systems (IDS/IPS) for AWS, Azure, GCP, and Oracle:
The bottom line is that many of the capabilities that network-based IDS/IPS provides are still needed, but given the cloud landscape, IDS/IPS will have to take a different form.
High Level Cloud IDS/IPS Differences from Traditional Environments
The cloud landscape dictates network IDS/IPS requirements. Before looking at specific network-based IDS/IPS requirements in the cloud, let’s dive a little deeper into some of the meaningful differences in public cloud networking versus traditional networking:
The dramatic differences in public cloud networking mean that a traditional IDS/IPS solution cannot keep up with the dynamic nature of the cloud. Taken together, the IDS/IPS cloud requirements above mean that traditional solutions, which rely on stable environments, stable demand against capacity, strong and defined perimeters, internal traffic in the clear, and high-performance silicon, are not going to translate to the public cloud.
In this new world, we still need the prevailing security knowledge, but the implementation of IDS/IPS needs to be different. Lifting and shifting existing IDS/IPS tools as virtual appliances ported from the on-premises datacenter results in inefficiencies similar to those of lifting and shifting legacy apps to the public cloud without re-factoring.
Specific IDS/IPS Requirements from Customers – Or, How IPS/IDS Should Work in Cloud
After numerous customer conversations where we have discussed IDS/IPS, we have found that most organizations are increasingly acknowledging the need for IPS/IDS in public cloud, but they need it to work a bit differently than it did in data center environments. Specifically, we see the following requirements articulated by enterprises:
The Verdict: IDS/IPS is More Than Relevant in the Cloud – it is Essential
IDS/IPS is more than relevant in the context of cloud environments. In fact, organizations need to protect against threats and prevent unauthorized access to workloads, making IDS/IPS both a critical and foundational component of a successful cloud security strategy. It is designed not only to protect against outside threats (ingress security) but also to stop lateral movement between clouds and VPCs and to apply inspection on outbound traffic, protecting your cloud workloads from many angles.
Easily Implement IDS/IPS Across Clouds with Cisco Multicloud Defense
IDS/IPS is one of the foundational services offered by Cisco Multicloud Defense. With Multicloud Defense’s single control plane, organizations can deploy and manage IDS/IPS consistently across their cloud environments from one location. Built for the cloud, Multicloud Defense’s IDS/IPS capability extends the traditional appliance-centric concept to a dynamic, service-oriented, multicloud world, giving organizations the protection they need to secure their workloads and infrastructure, with the attributes necessary to execute successful cloud security strategies.
See how Cisco Multicloud Defense can enable IDS/IPS in AWS, Azure, GCP, and OCI in minutes with a free trial or view our product tour.
To learn more about Cisco Multicloud Defense, visit our website cisco.com/go/multicloud-defense.