Learn why IDS/IPS is not only relevant in the cloud but required for enterprises.
As organizations moved to the cloud, many we've spoken with about securing workloads in public cloud asked an important question: Since I don't manage infrastructure anymore (well, mostly), do I still care about infrastructure-level security like intrusion detection system (IDS) and intrusion protection switching (IPS)? The short answer is yes, you should. Here is why…
As enterprises make the leap to the public cloud (AWS, Azure, Google Cloud Platform (GCP), and Oracle Cloud Infrastructure (OCI), some security problems fade, such as infrastructure patching, defending against syn attacks, and physical security, while other challenges arise. The public cloud is a highly dynamic environment where rapid deployment of infrastructure and apps is the norm and infinitely scalable services are everywhere. Environments like these require highly scalable security to protect them against threats that target the infrastructure and applications that live within.
Traditionally, intrusion detection and prevention systems (IDS/IPS) provide real-time protection against network attacks, exploits, and exposures in application code and operating systems that workloads run on. But is IDS/IPS still relevant in the cloud? We look at network-based IDS/IPS for enterprises in the cloud in AWS, Azure, GCP, and OCI and find it's more relevant than ever.
Considerations: shared responsibility, app variety, and the nature of threats
Here are some cloud considerations for IDS/IPS for AWS, Azure, GCP, and Oracle:
The bottom line is that many of the capabilities that network-based IDS/IPS provides are still needed, but given the cloud landscape, IDS/IPS will have to take a different form.
High-level cloud IDS/IPS differences from traditional environments
The cloud landscape dictates network IDS/IPS requirements. Before looking at specific network-based IDS/IPS requirements in the cloud, let's dive a little deeper into some of the meaningful differences in public cloud networking versus traditional networking:
The dramatic differences in public cloud networking means your traditional IDS/IPS solution that relies on stable environments, stable demand/capacity planning, and defined perimeters can't keep up with the dynamic nature of the cloud. All the above IDS/IPS cloud requirements mean that traditional solutions that rely on stable environments, stable demand against capacity, strong perimeters, and internal traffic in the clear, and high-performance silicon are not going to translate to the public cloud.
In this new world, we need prevailing security knowledge, but the implementation of IDS/IPS needs to be different. Lifting and shifting existing IDS/IPS tools as virtual appliances ported from the on-premises data center results in similar inefficiencies as lifting and shifting legacy apps to the public cloud without refactoring.
After numerous customer conversations where we have discussed IDS/IPS, we found that most organizations are increasingly acknowledging the need for IDS/IPS in public cloud, they need it to work a bit differently than it did in data center environments. Specifically, we see the following requirements articulated by enterprises:
For self-healing benefits across architecture, infrastructure, and ops:
Cloud WAF is often a nice addition for app-level threats and compliance.
The verdict: IDS/IPS is more than relevant in the cloud, it is essential IDS/IPS is more than relevant in the context of cloud environments. In fact, organizations need to protect against threats and prevent unauthorized access of workloads, making IDS/IPS both a critical and foundational component for successful cloud security strategy. Not only is it designed to protect against outside threats (ingress security), but it also stops lateral movement between clouds and VPCs and can apply inspection on outbound traffic, protecting your cloud workloads from many angles.
Easily implement IDS/IPS across clouds with Cisco Multicloud Defense IDS/IPS is one of the foundational services offered by Cisco Multicloud Defense. The Multicloud Defense single control plane allows organizations to deploy and manage IDS/IPS consistently across their cloud environments from one location. Built for the cloud, Multicloud Defense IDS/IPS capability extends the traditional appliance-centric concept to a dynamic, service-oriented, multicloud world giving organizations the protection they need to secure their workloads and infrastructure with the necessary attributes to execute successful cloud security strategies.
To learn more about Cisco Multicloud Defense, visit our website cisco.com/go/multicloud-defense.