44 Cloud Computing
to be logged into the service for automatic backups to be performed. There
is native file system support on both 32-bit and 64-bit versions of Windows
(Windows 2000, XP, Vista, 2003 and 2008), and Linux. A new download
resume capability has been added for moving large files and performing
restore operations. A time-slice restore interface was also added, allowing
restoration of files from any given point-in-time where a snapshot was
taken. Finally, it supports automatic updates on Windows (built-in) and
Macintosh (using Sparkle).
2.4 Monitoring-as-a-Service (MaaS)
Monitoring-as-a-Service (MaaS) is the outsourced provisioning of security,
primarily on business platforms that leverage the Internet to conduct busi-
ness.
8
MaaS has become increasingly popular over the last decade. Since the
advent of cloud computing, its popularity has, grown even more. Security
monitoring involves protecting an enterprise or government client from
cyber threats. A security team plays a crucial role in securing and maintain-
ing the confidentiality, integrity, and availability of IT assets. However, time
and resource constraints limit security operations and their effectiveness for
most companies. This requires constant vigilance over the security infra-
structure and critical information assets.
Many industry regulations require organizations to monitor their secu-
rity environment, server logs, and other information assets to ensure the
integrity of these systems. However, conducting effective security monitor-
ing can be a daunting task because it requires advanced technology, skilled
security experts, and scalable processes—none of which come cheap. MaaS
security monitoring services offer real-time, 24/7 monitoring and nearly
immediate incident response across a security infrastructure—they help to
protect critical information assets of their customers. Prior to the advent of
electronic security systems, security monitoring and response were heavily
dependent on human resources and human capabilities, which also limited
the accuracy and effectiveness of monitoring efforts. Over the past two
decades, the adoption of information technology into facility security sys-
tems, and their ability to be connected to security operations centers
(SOCs) via corporate networks, has significantly changed that picture. This
means two important things: (1) The total cost of ownership (TCO) for tra-
ditional SOCs is much higher than for a modern-technology SOC; and (2)
8. http://en.wikipedia.org/wiki/Monitoring_as_a_service, retrieved 14 Jan 2009.
Chap2.fm Page 44 Friday, May 22, 2009 11:24 AM
Monitoring-as-a-Service (MaaS) 45
achieving lower security operations costs and higher security effectiveness
means that modern SOC architecture must use security and IT technology
to address security risks.
2.4.1 Protection Against Internal and External Threats
SOC-based security monitoring services can improve the effectiveness of a
customer security infrastructure by actively analyzing logs and alerts from
infrastructure devices around the clock and in real time. Monitoring teams
correlate information from various security devices to provide security ana-
lysts with the data they need to eliminate false positives
9
and respond to true
threats against the enterprise. Having consistent access to the skills needed
to maintain the level of service an organization requires for enterprise-level
monitoring is a huge issue. The information security team can assess system
performance on a periodically recurring basis and provide recommendations
for improvements as needed. Typical services provided by many MaaS ven-
dors are described below.
Early Detection
An early detection service detects and reports new security vulnerabilities
shortly after they appear. Generally, the threats are correlated with third-
party sources, and an alert or report is issued to customers. This report is
usually sent by email to the person designated by the company. Security vul-
nerability reports, aside from containing a detailed description of the vul-
nerability and the platforms affected, also include information on the
impact the exploitation of this vulnerability would have on the systems or
applications previously selected by the company receiving the report. Most
often, the report also indicates specific actions to be taken to minimize the
effect of the vulnerability, if that is known.
Platform, Control, and Services Monitoring
Platform, control, and services monitoring is often implemented as a dash-
board interface
10
and makes it possible to know the operational status of the
platform being monitored at any time. It is accessible from a web interface,
making remote access possible. Each operational element that is monitored
usually provides an operational status indicator, always taking into account
9. A false positive is an event that is picked up by an intrusion detection system and perceived
as an attack but that in reality is not.
10. A dashboard is a floating, semitransparent window that provides contextual access to com-
monly used tools in a software program.
Chap2.fm Page 45 Friday, May 22, 2009 11:24 AM
46 Cloud Computing
the critical impact of each element. This service aids in determining which
elements may be operating at or near capacity or beyond the limits of estab-
lished parameters. By detecting and identifying such problems, preventive
measures can be taken to prevent loss of service.
Intelligent Log Centralization and Analysis
Intelligent log centralization and analysis is a monitoring solution based
mainly on the correlation and matching of log entries. Such analysis helps
to establish a baseline of operational performance and provides an index of
security threat. Alarms can be raised in the event an incident moves the
established baseline parameters beyond a stipulated threshold. These types
of sophisticated tools are used by a team of security experts who are respon-
sible for incident response once such a threshold has been crossed and the
threat has generated an alarm or warning picked up by security analysts
monitoring the systems.
Vulnerabilities Detection and Management
Vulnerabilities detection and management enables automated verification
and management of the security level of information systems. The service
periodically performs a series of automated tests for the purpose of identify-
ing system weaknesses that may be exposed over the Internet, including the
possibility of unauthorized access to administrative services, the existence of
services that have not been updated, the detection of vulnerabilities such as
phishing, etc. The service performs periodic follow-up of tasks performed
by security professionals managing information systems security and pro-
vides reports that can be used to implement a plan for continuous improve-
ment of the system’s security level.
Continuous System Patching/Upgrade and Fortification
Security posture is enhanced with continuous system patching and upgrad-
ing of systems and application software. New patches, updates, and service
packs for the equipment’s operating system are necessary to maintain ade-
quate security levels and support new versions of installed products. Keep-
ing abreast of all the changes to all the software and hardware requires a
committed effort to stay informed and to communicate gaps in security that
can appear in installed systems and applications.
Chap2.fm Page 46 Friday, May 22, 2009 11:24 AM
Monitoring-as-a-Service (MaaS) 47
Intervention, Forensics, and Help Desk Services
Quick intervention when a threat is detected is crucial to mitigating the
effects of a threat. This requires security engineers with ample knowledge in
the various technologies and with the ability to support applications as well
as infrastructures on a 24/7 basis. MaaS platforms routinely provide this ser-
vice to their customers. When a detected threat is analyzed, it often requires
forensic analysis to determine what it is, how much effort it will take to fix
the problem, and what effects are likely to be seen. When problems are
encountered, the first thing customers tend to do is pick up the phone.
Help desk services provide assistance on questions or issues about the opera-
tion of running systems. This service includes assistance in writing failure
reports, managing operating problems, etc.
2.4.2 Delivering Business Value
Some consider balancing the overall economic impact of any build-versus-
buy decision as a more significant measure than simply calculating a return
on investment (ROI). The key cost categories that are most often associated
with MaaS are (1) service fees for security event monitoring for all firewalls
and intrusion detection devices, servers, and routers; (2) internal account
maintenance and administration costs; and (3) preplanning and develop-
ment costs.
Based on the total cost of ownership, whenever a customer evaluates
the option of an in-house security information monitoring team and infra-
structure compared to outsourcing to a service provider, it does not take
long to realize that establishing and maintaining an in-house capability is
not as attractive as outsourcing the service to a provider with an existing
infrastructure. Having an in-house security operations center forces a com-
pany to deal with issues such as staff attrition, scheduling, around the clock
operations, etc.
Losses incurred from external and internal incidents are extremely sig-
nificant, as evidenced by a regular stream of high-profile cases in the news.
The generally accepted method of valuing the risk of losses from external
and internal incidents is to look at the amount of a potential loss, assume a
frequency of loss, and estimate a probability for incurring the loss. Although
this method is not perfect, it provides a means for tracking information
security metrics. Risk is used as a filter to capture uncertainty about varying
cost and benefit estimates. If a risk-adjusted ROI demonstrates a compelling
business case, it raises confidence that the investment is likely to succeed
Chap2.fm Page 47 Friday, May 22, 2009 11:24 AM
48 Cloud Computing
because the risks that threaten the project have been considered and quanti-
fied. Flexibility represents an investment in additional capacity or agility
today that can be turned into future business benefits at some additional
cost. This provides an organization with the ability to engage in future initi-
atives, but not the obligation to do so. The value of flexibility is unique to
each organization, and willingness to measure its value varies from company
to company.
2.4.3 Real-Time Log Monitoring Enables Compliance
Security monitoring services can also help customers comply with industry
regulations by automating the collection and reporting of specific events of
interest, such as log-in failures. Regulations and industry guidelines often
require log monitoring of critical servers to ensure the integrity of confiden-
tial data. MaaS providers’ security monitoring services automate this time-
consuming process.
2.5 Platform-as-a-Service (PaaS)
Cloud computing has evolved to include platforms for building and run-
ning custom web-based applications, a concept known as Platform-as-a-
Service. PaaS is an outgrowth of the SaaS application delivery model. The
PaaS model makes all of the facilities required to support the complete life
cycle of building and delivering web applications and services entirely
available from the Internet, all with no software downloads or installation
for developers, IT managers, or end users. Unlike the IaaS model, where
developers may create a specific operating system instance with home-
grown applications running, PaaS developers are concerned only with web-
based development and generally do not care what operating system is
used. PaaS services allow users to focus on innovation rather than complex
infrastructure. Organizations can redirect a significant portion of their
budgets to creating applications that provide real business value instead of
worrying about all the infrastructure issues in a roll-your-own delivery
model. The PaaS model is thus driving a new era of mass innovation. Now,
developers around the world can access unlimited computing power. Any-
one with an Internet connection can build powerful applications and easily
deploy them to users globally.
Chap2.fm Page 48 Friday, May 22, 2009 11:24 AM
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.