Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "what are the three major points for attention in cloud security". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Deployment mechanism needs to be flexible

Whether an endpoint security solution covers the entire enterprise or only a few new users, the flexibility and convenience of the deployment mechanism are essential. For instances such as cloud-based security solutions where the management system is outside the business environment, the deployment process must be adjusted appropriately. Although deployment is bound to be an one-off rather than repetitive task, the process is still sizeable for large business environments, so we should deal with it cautiously from the start.

The fundamental difference between traditional endpoint deployment and cloud-based endpoint deployment is that the relevant endpoints of cloud products are in the internal private network environment, while the management server is in the external public network environment. Because business endpoints must be protected by a firewall (and almost certainly use a private IP address space), communication between the server and the controlled client needs to be initiated by the client.

In our research, we found that there are three main deployment schemes: installing through software packages, downloading URL through software, and using gateway devices. The first two scenarios are initiated by the client and invoke the proxy and endpoint security files from the server. The third scheme pushes the agent and related software (through the default gateway system in the firewall) to the client from the server side.

Then even if the vendor provides an automated "push" option, the cloud deployment requires at least one invocation installation in the endpoint client. This is because the push installation requires the use of a local computer as a gateway device to establish a push channel between the external cloud management server and the internal client. However, according to our assessment, only one of the five products offers a "push" option.

When it comes to installing the endpoint agent, the easiest way is to use the administrative console to email the installation URL to the endpoint user. (URL and the installation tools in the calling solution are written by the cloud security ID of the customer enterprise, thus realizing the automatic association between the client and the customer cloud security management server.)

The push system can be installed without user intervention. As long as the target device is found through the name and IP address displayed on the administrative console, and the necessary endpoint login certificate is provided for the automatic installation mechanism, other tasks can be taken care of by the system itself.

Cloud Endpoint Security Alert is very useful

After the installation is over, the next thing to focus on is the alarm feature. The alerts feature helps administrators quickly understand potential security issues. In addition to displaying alert messages on the product's management console, most cloud endpoint security products can also send alert notifications via email and / or text messages (text messages).

Typical alert conditions typically include items such as detected threat activity, detected blocked URL, expired virus definition library, and no security scan for several days in a row. Surprisingly, in our research, we found that some service scenarios provide only a limited number of alerts or even no alarm capabilities at all. Unlike the real-time analysis mechanism, security management tools must be based on reports.

Administrators cannot stay in front of the console 24 hours a day, so the alarm mechanism has become a critical security feature, and enterprises should not ignore it, but should ensure that it works well.

Improve Cloud Endpoint Security report

I believe you already know very well the significance of the report. Security management tools typically list detected threat activity, infected devices, and attempt to initiate access to blocked websites. But unexpectedly, three of the five services we evaluated did not provide any predefined reporting capabilities. Although manual report generation is not a heavy task, in fact, several major suppliers have not really taken the time to improve their products. The report generated is too basic and lack of depth to accurately reflect the health of the business environment. By contrast, many functional products perform much better.

Before embarking on deployment, it is important to strictly define the alerting and reporting requirements of the enterprise. What should the new system provide that is already covered in the existing endpoint security report? Do we need to add or add the necessary reporting mechanisms? What is the purpose of its operation? Find reasonable answers to these questions and submit the plan to the cloud endpoint security provider, requiring them to meet all the requirements listed through their products-at no additional cost, of course.

This is the end of the content of "what are the three major considerations for cloud security"? thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.