Advances in big data analysis and artificial intelligence have made intelligent security possible. This article starts from the idea of software definition and, following the three phases of the cloud security technical route, explains why cloud security must achieve intelligent collaboration, whether such collaboration is feasible, and how it can be achieved.
Cloud security moving from "software definition" to "intelligent collaboration" is a trend, an inevitability, and of course a challenge.
1 Overview
The concept of "software-defined" gained popularity with the rise of software-defined networking. Software-defined storage, software-defined architecture, software-defined data centers and software-defined cloud computing followed one after another, and even "software-defined everything" has appeared. This of course includes software-defined security.
So why is software definition so popular? The author believes that software definition offers an almost perfect idea for solving problems: it places all of its ambitions in a logically centralized control center. With the continuous development and adoption of virtualization and cloud computing, the need for such centralized control has become more and more urgent.
Software definition is an attitude, an idea, and an architecture. This architectural idea has three levels. The first is the lowest level, the resource layer, which can also be called the infrastructure layer or the execution layer; it is the object that needs to be controlled and operated. The second is the control layer, the centralized control center of the software-defined architecture, which issues the operating instructions that the execution layer below carries out. The last is the application layer above, which implements different applications according to specific business requirements and passes the corresponding control logic down to the control layer, where it is transformed into the corresponding execution instructions for the execution layer.
Software definition is only an architectural idea. From the perspective of the whole system, realizing software definition is equivalent to realizing the system's framework; the real thinking and soul lie in the upper-level applications. This is similar to the saying "the application is king" from the Internet age.
Coming back to cloud security: the characteristics of cloud computing mean that traditional security solutions cannot simply be copied and reused for cloud security. Here, the author summarizes the technical route of cloud security into three stages:
(1) Virtualization of security equipment
In the early days of cloud security, the resource virtualization, multi-tenancy and elastic scalability of cloud computing meant that the traditional "security box" (hardware appliance) solution could not solve the security problems in the cloud. The simple and effective approach was to virtualize the "security box" as well; concretely, a hardware device was turned into a virtual machine.
In this way, different tenants apply for, deploy and use security virtual machines in their own tenant networks according to their different security requirements. For example, a tenant that needs intrusion detection and web protection for its business system can apply to purchase a virtualized IDS and WAF and deploy them.
This simple virtualization approach is actually not much different from the security solution of a traditional data center: it merely turns the hardware device into a virtual machine. Managing, configuring, operating and maintaining the security devices still requires users to log in to each device manually.
This simple and crude virtualization approach formed the first phase of cloud security solutions. It essentially took professional security protection for the cloud environment from zero to one.
(2) Security resource pooling (software defined)
As awareness of cloud security has deepened, people are no longer satisfied with this simple and crude approach.
From the perspective of the cloud service provider, when every tenant exclusively occupies its own set of security device virtual machines, the provider has to ask whether the resource utilization of the cloud is cost-effective;
From the user's point of view: 1) is the security cost reasonable when tenants purchase and deploy security device virtual machines exclusively? According to the author, the price of a dedicated security device virtual machine in the cloud is not low; 2) is the security operating cost reasonable? On the one hand, the security policy of each security virtual machine has to be configured one by one, just like traditional security equipment, which is cumbersome; on the other hand, security devices have various deployment modes, such as transparent mode, proxy mode and bypass mode, which only professionals with a certain security background can set up.
At this stage, then, cloud security solutions based on software-defined security came into being. The security resource is no longer a security device virtual machine exclusively owned by the tenant; instead, security resources are pooled and provided to tenants as security services that the tenant does not need to perceive or manage.
On the one hand, for cloud service providers, pooling improves resource utilization; on the other hand, for users, the service-based approach removes the need for complicated deployment on their part, and consuming security as an application service minimizes their security operating costs as far as possible.
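To make the three-layer structure and the pooling idea concrete, here is a small software-defined security controller. It is an added example written for this article, not code from the article or from any cloud provider: the application layer expresses tenant intent (which services, for which network, at what bandwidth), the control layer turns that into steering rules, and the execution layer is a pool of shared virtual IDS and WAF instances with capacity accounting rather than one appliance VM per tenant. All instance names, capacities, tenants and CIDRs are constructed for illustration, and the all-or-nothing reservation with rollback is a design choice of this example.

```python
"""Toy software-defined security controller.

Added example, not code from the article: it models the three layers the text
describes (application intent -> control-layer decision -> execution-layer rules)
over a pooled set of virtual security instances instead of per-tenant appliances.
Every instance name, capacity, tenant and CIDR below is constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class SecurityInstance:
    """One pooled virtual security instance in the execution layer."""
    kind: str            # service type, e.g. "IDS" or "WAF"
    name: str
    capacity_mbps: int
    allocated_mbps: int = 0

    def free_mbps(self) -> int:
        return self.capacity_mbps - self.allocated_mbps


class SecurityPool:
    """Execution layer: shared security resources with capacity accounting."""

    def __init__(self, instances):
        self.instances = list(instances)

    def reserve(self, kind: str, mbps: int) -> SecurityInstance:
        # Choose the instance of the requested kind with the most headroom.
        candidates = [i for i in self.instances if i.kind == kind and i.free_mbps() >= mbps]
        if not candidates:
            raise RuntimeError(f"pool exhausted for {kind}")
        inst = max(candidates, key=lambda i: i.free_mbps())
        inst.allocated_mbps += mbps
        return inst

    def release(self, inst: SecurityInstance, mbps: int) -> None:
        inst.allocated_mbps -= mbps


@dataclass(frozen=True)
class SteeringRule:
    """Instruction the control layer issues to the execution layer."""
    tenant: str
    src_cidr: str
    service: str
    instance: str
    mode: str            # how traffic reaches the instance: mirrored copy or inline proxy


class Controller:
    """Control layer: turns application-layer intent into steering rules."""

    # Deployment mode per service is decided by the controller, not by the tenant.
    MODES = {"IDS": "mirror", "WAF": "proxy"}

    def __init__(self, pool: SecurityPool):
        self.pool = pool
        self.rules: list[SteeringRule] = []

    def apply_intent(self, tenant: str, cidr: str, services, mbps: int) -> list[SteeringRule]:
        """Reserve capacity for every requested service, all-or-nothing."""
        reserved = []
        try:
            for svc in services:
                inst = self.pool.reserve(svc, mbps)
                reserved.append((svc, inst))
        except RuntimeError:
            # Roll back partial reservations so a rejected request leaves the pool unchanged.
            for _, inst in reserved:
                self.pool.release(inst, mbps)
            raise
        new_rules = [SteeringRule(tenant, cidr, svc, inst.name, self.MODES[svc])
                     for svc, inst in reserved]
        self.rules.extend(new_rules)
        return new_rules

    def utilization(self) -> dict:
        """Fraction of each pooled instance's capacity that is allocated."""
        return {i.name: i.allocated_mbps / i.capacity_mbps for i in self.pool.instances}


def build_demo_pool() -> SecurityPool:
    # Constructed pool: two IDS instances and one WAF instance.
    return SecurityPool([
        SecurityInstance("IDS", "IDS-1", 1000),
        SecurityInstance("IDS", "IDS-2", 1000),
        SecurityInstance("WAF", "WAF-1", 500),
    ])


if __name__ == "__main__":
    ctl = Controller(build_demo_pool())
    for rule in ctl.apply_intent("tenant-a", "10.1.0.0/24", ["IDS", "WAF"], 300):
        print(rule)
    try:
        ctl.apply_intent("tenant-b", "10.2.0.0/24", ["IDS", "WAF"], 300)
    except RuntimeError as err:
        print("rejected:", err)
    print(ctl.utilization())
```

The tenant never sees which instance serves it or whether the service is mirrored or proxied; that is exactly the "imperceptible" service the text describes. The rollback in apply_intent matters in a shared pool: without it, a request that fails on its second service would leave capacity stranded on the first.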
(3) Intelligent security protection (intelligent collaboration)
Just as with the description of software definition earlier in this article, the second-phase cloud security solution based on software-defined security can be regarded as the skeleton of this pooled security system. How to give this skeleton flesh, blood and soul is what intelligent security protection must address.
The intelligence here can include: how to dynamically and flexibly perform professional security detection on only the traffic that needs it; how to detect complex attacks through the automatic linkage of multiple devices; how to protect precisely against detected anomalies; and how to continuously improve the system's own detection and protection accuracy.
2 What is intelligent collaboration
The so-called intelligence, according to Wikipedia's explanation, can be summarized as "enabling machines, like humans, to observe their surroundings, perceive, learn and analyze, and take corresponding actions to achieve certain goals." Intelligent collaborative security protection, then, the author defines as "a security protection system that is capable of threat awareness, mobilizes all available security resources, actively conducts threat detection and defense, and continuously improves its own threat awareness capabilities."
Gartner proposed the "Adaptive Security" protection model in 2016, which consists of a continuous security protection process of prediction (Predictive), defense (Preventive), detection (Detective) and response (Retrospective). The adaptive security architecture is a typical architectural design for intelligent collaborative security protection: by dividing protection into these four stages, it forms a continuous closed-loop defense system.
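The following added example shows one way the closed loop just described, and two of the "intelligence" points from the previous section (detection only on traffic that needs it, and continuous improvement of accuracy), can be wired together in code. It is written for this article and is not code from the article, from Gartner, or from any product. It runs a prevent/detect/respond/retrospective cycle over constructed flow records: blocked sources are dropped before inspection, only flows to a protected subnet get the detector, a source touching many distinct ports is blocked, and analyst feedback on each alert either keeps the block or lifts it and raises the detector's threshold. The subnet prefix, addresses, ports, threshold and feedback values are all constructed.

```python
"""Closed-loop (predict -> prevent -> detect -> respond) protection over flow records.

Added example, not code from the article or from Gartner: it shows one way the four
stages can feed each other, with detection limited to traffic that actually needs it
and a feedback step that tunes the detector. The flow records, addresses, ports and
thresholds are all constructed for illustration.
"""
from collections import defaultdict

PROTECTED_PREFIX = "10.0.0."   # constructed: the subnet that receives deep inspection


def make_flows(src, dst, ports):
    """Build constructed flow records, one record per destination port."""
    return [{"src": src, "dst": dst, "dport": p} for p in ports]


class AdaptiveLoop:
    def __init__(self, scan_threshold=5):
        self.scan_threshold = scan_threshold  # predictive state, tuned by feedback
        self.blocklist = set()                # preventive state
        self.pending_alerts = []              # detective output awaiting review

    # prevent: enforce what earlier rounds already decided
    def prevent(self, flow):
        return flow["src"] not in self.blocklist

    # detect: spend detection effort only on traffic that needs it
    def needs_detection(self, flow):
        return flow["dst"].startswith(PROTECTED_PREFIX)

    def detect(self, flows):
        """Flag sources touching at least scan_threshold distinct destination ports."""
        ports_by_src = defaultdict(set)
        for f in flows:
            ports_by_src[f["src"]].add(f["dport"])
        return [s for s, p in ports_by_src.items() if len(p) >= self.scan_threshold]

    # respond: act precisely on the source involved, nothing broader
    def respond(self, suspects):
        for s in suspects:
            self.blocklist.add(s)
            self.pending_alerts.append(s)

    # retrospective: learn from confirmed and rejected alerts
    def retrospective(self, confirmed):
        """confirmed maps alert source -> True/False from analyst review (constructed)."""
        for s in self.pending_alerts:
            if not confirmed.get(s, False):
                self.blocklist.discard(s)      # undo the response for a false positive
                self.scan_threshold += 1       # demand more evidence next round
        self.pending_alerts = []

    def process_batch(self, flows):
        passed = [f for f in flows if self.prevent(f)]
        inspected = [f for f in passed if self.needs_detection(f)]
        suspects = self.detect(inspected)
        self.respond(suspects)
        return {"dropped": len(flows) - len(passed),
                "inspected": len(inspected),
                "suspects": suspects}


def first_batch():
    # Constructed traffic: one probe-like source, one ordinary client, one source
    # outside the protected subnet, and one authorised internal vulnerability scanner.
    return (make_flows("192.0.2.10", "10.0.0.5", [22, 80, 443, 3389, 8080])
            + make_flows("192.0.2.20", "10.0.0.6", [80, 443])
            + make_flows("192.0.2.30", "203.0.113.9", [1, 2, 3, 4, 5, 6])
            + make_flows("192.0.2.40", "10.0.0.7", [80, 443, 8080, 8443, 9443]))


def second_batch():
    # Constructed follow-up traffic after the first round of feedback.
    return (make_flows("192.0.2.10", "10.0.0.5", [21, 23, 25])
            + make_flows("192.0.2.40", "10.0.0.7", [80, 443, 8080, 8443, 9443]))


if __name__ == "__main__":
    loop = AdaptiveLoop()
    print(loop.process_batch(first_batch()))
    # Analyst review: the probe was real, the scanner was an authorised one.
    loop.retrospective({"192.0.2.10": True, "192.0.2.40": False})
    print(loop.process_batch(second_batch()))
```

In the first batch the detector fires on both the probe-like source and the authorised scanner; feedback keeps the first block, lifts the second and raises the threshold, so in the second batch the probe's traffic is dropped by the preventive stage before inspection while the scanner's identical pattern no longer trips the detector. Traffic to addresses outside the protected prefix is never inspected at all, which is the "only the necessary traffic" point from the previous section.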