Network forensics helps bolster confidence in cloud computing security

By providing a way to monitor network traffic, network forensics gives clients of cloud computing services confidence that their clients' data is secure, said Pete Schlampp, vice president of marketing and product management at Solera Networks.

“We have had increasing demand from cloud vendors…to add network forensics to their offerings. There is this growing anxiety among enterprises and other institutions that are getting pulled into the cloud about what is actually happening to the data and operations out on someone else’s network. They are asking, ‘How do I know for sure who has access to it, what has been accessed, and why it was accessed?’” Schlampp told Infosecurity.

Cloud vendors are looking for network forensics appliances that enable them to go back in time and track everyone who had access to the client’s data and operations. This provides some level of confidence for the client in using cloud services, he explained.

Concerns about cloud security were raised recently by the Stuxnet worm. “We had an uptick in requests [for network forensics] around the time that Stuxnet gained notoriety. I think the reason why is that many of [the cloud vendors] actually saw Stuxnet as a compelling event for them,” he said.

Clients of cloud vendors were worried about the threat posed by Stuxnet and the seeming inability of existing information security tools to defend against it, Schlampp said. “Stuxnet is the fine point on a narrative that has been going on throughout 2010 and has finally pierced the confidence that people had in the cloud…. If cloud providers are not able to provide a level of assurance that their networks are secure, it is going to slow down the growth of the cloud business,” he warned.

Network forensics cannot stop attacks like Stuxnet from happening, but it can lessen their impact by providing analysis that enables a more rapid response to the infection. “There are things that happen which can’t be defended against by tools which block. That is becoming the norm…. Security has a different definition than it has in the past. Security is not necessarily blocking and preventing. The question becomes: ‘How do I go in and respond quickly and cost effectively?’”

According to a Solera Networks white paper, network forensics provides the following benefits: prepares organizations to respond swiftly to zero-day, negative day, and unknown threats; enhances the value and effectiveness of other security investments; reduces and simplifies the monitoring, reporting, analysis, and remediation time required to defend against attacks; facilitates prosecution through forensically complete evidence; provides an understanding of breach root causes to enable swift, intelligent and effective response to prevent catastrophic events and ongoing risk; and allows for validation of fixes installed after a breach occurs through the ability to replay a network attack.

“Network security is no longer just about prevention. Attacks and breaches have happened, do happen, and will happen. Organizations need to be able to minimize the effects of these attacks through the swift, intelligent response provided by active network forensics,” the white paper said.
