Cloud Security Monitoring
Welcome to the CUIT Cloud Security Page
The CUIT Information Security department has collaborated with Infrastructure Services to implement a process that monitors for known malicious behaviors within cloud environments. The process requires logs from the cloud environment to be sent to and analyzed in our SIEM (Sumo Logic). Once correlation is performed, events are tracked and the resulting information is distributed to the appropriate teams. This service was created by CUIT Security to provide security monitoring around Columbia University cloud workloads. Together, our mission for this initiative is to provide a secure compute environment for our colleagues with cloud-based workloads.
Process Overview
1. Malicious or undesirable activity occurs in a cloud environment.
2. Log data is generated and sent into Sumo Logic.
3. The log data triggers alerts in Sumo Logic that identify the abnormal activity.
4. Each week, a summary of the malicious activities is distributed to the owner of the cloud account in that environment.
5. The email contains a breakdown of the events that have occurred.
6. The email includes links to Confluence, which serves as the knowledge base for cloud security events.
Responsibilities
| Team | Role |
|---|---|
| CUIT Security | Detection of malicious activity or anomalies |
| CUIT Infrastructure | Remediation of the event together with the owner of the cloud workloads |
Security Best Practices
Experts say that enterprises can increase the security of their public cloud deployments by following established best practices and deploying the right cloud security technologies. Enterprises that want to be among the organizations experiencing fewer security issues should take the following steps:
- Understand your shared responsibility model.
- Ask your cloud provider detailed security questions.
- Deploy an identity and access management (IAM) solution; leverage SAML and multi-factor authentication.
- Train your staff about the newest threats and potential countermeasures.
- Establish and enforce cloud security policies - security staff should have automated solutions in place to ensure that everyone is following these policies.
- Secure your endpoints, including firewalls, anti-malware, intrusion detection and access control.
  - If you are looking for anti-virus or anti-malware software, CUIT provides Malwarebytes to the university.
- Encrypt data in motion and at rest.
- Use intrusion detection and prevention technology - it helps organizations identify when an attack has occurred and take action to stop attacks in progress.
- Review your organization's particular compliance requirements and make sure that your service provider will meet your data security needs.
- Consider a third-party partner or consultant - to offer solutions or services designed to enhance cloud security.
- Conduct audits and penetration testing - to determine whether your existing cloud security efforts are sufficient to protect your data and applications.
Criticality
- Critical - The highest confidence of a misconfiguration or potential threat. Requires immediate action and attention to resolve the issue.
- High - A potential attack or threat. Requires action and investigation to resolve the issue.
- Medium - Flags best-practice findings for the cloud configuration.
- Low - Provides transparency into important events occurring in the cloud; the activity may be a legitimate transaction. Account owners are encouraged to review the activity to validate it.
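The Process Overview above describes a pipeline (cloud audit events flow into the SIEM, detection rules raise alerts, and a weekly digest goes to each account owner) and the Criticality section defines the four levels those alerts carry. The following Python block is an added illustration of that pipeline, not code from CUIT or from Sumo Logic: it runs a small rule set over constructed sample audit events, assigns each finding one of the page's four criticality levels, and groups the results per account owner in the order a weekly summary email would list them. The event field names, the owner addresses, and the specific rules are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample cloud audit events (not real Columbia logs). The field
# names loosely follow CloudTrail-style records; they are an assumption here.
SAMPLE_EVENTS = [
    {"account": "111111111111", "owner": "alice@example.edu",
     "action": "AuthorizeSecurityGroupIngress", "user": "deploy-bot",
     "mfa": True, "cidr": "0.0.0.0/0", "port": 22},
    {"account": "111111111111", "owner": "alice@example.edu",
     "action": "ConsoleLogin", "user": "root", "mfa": False},
    {"account": "222222222222", "owner": "bob@example.edu",
     "action": "CreateBucket", "user": "bob", "mfa": True, "encrypted": False},
    {"account": "222222222222", "owner": "bob@example.edu",
     "action": "CreateUser", "user": "bob", "mfa": True,
     "target_user": "svc-reporting"},
    {"account": "222222222222", "owner": "bob@example.edu",
     "action": "DescribeInstances", "user": "bob", "mfa": True},
]

# The page's four levels, ranked so a digest lists the most urgent first.
CRITICALITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
ADMIN_PORTS = {22, 3389}  # SSH and RDP; illustrative choice for the rule below


@dataclass(frozen=True)
class Alert:
    account: str
    owner: str
    criticality: str
    title: str


def classify(event):
    """Return (criticality, title) for a noteworthy event, or None to ignore it.

    The rule set is illustrative and maps onto the page's criticality levels:
    a confident misconfiguration is Critical, a likely attack is High, a
    best-practice deviation is Medium, and a transparency event is Low.
    """
    action = event.get("action")
    if (action == "AuthorizeSecurityGroupIngress"
            and event.get("cidr") == "0.0.0.0/0"
            and event.get("port") in ADMIN_PORTS):
        return "Critical", f"Admin port {event['port']} opened to the internet"
    if action == "ConsoleLogin" and event.get("user") == "root" and not event.get("mfa"):
        return "High", "Root console login without MFA"
    if action == "CreateBucket" and not event.get("encrypted", True):
        return "Medium", "Storage bucket created without encryption at rest"
    if action == "CreateUser":
        return "Low", f"New IAM user created: {event.get('target_user')}"
    return None


def detect(events):
    """Run every event through the rules; this is the SIEM correlation step."""
    alerts = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            crit, title = verdict
            alerts.append(Alert(ev["account"], ev["owner"], crit, title))
    return alerts


def weekly_summary(alerts):
    """Group alerts per account owner, ordered Critical -> Low, for the weekly email."""
    by_owner = defaultdict(list)
    for alert in alerts:
        by_owner[alert.owner].append(alert)
    return {owner: sorted(items, key=lambda a: CRITICALITY_RANK[a.criticality])
            for owner, items in by_owner.items()}


def render_digest(owner, alerts):
    """Produce the plain-text breakdown of events that the summary email carries."""
    lines = [f"Weekly cloud security summary for {owner}"]
    for alert in alerts:
        lines.append(f"[{alert.criticality}] account {alert.account}: {alert.title}")
    return "\n".join(lines)


if __name__ == "__main__":
    for owner, items in weekly_summary(detect(SAMPLE_EVENTS)).items():
        print(render_digest(owner, items))
        print()
```

Running the block prints one digest per owner: alice receives a Critical and a High finding, bob receives a Medium and a Low finding, and the routine DescribeInstances call produces nothing, which is the intended behaviour for read-only activity that carries no risk signal.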
By seeking out and reporting on unfavorable events discovered across Columbia cloud security environments, we can work toward safer operation and a reduction of risk when using these technologies. Please see the categories below for more information about a particular cloud platform and its respective alerts.