What do you think of when you hear the word “orchestration”?
The common answer from someone not in the security profession would probably be, well, a conductor getting many different musical instruments to play something beautiful together. Are you hearing the opening theme to Star Wars in your head right now?
Within the security field, oftentimes “orchestration” becomes synonymous with “automation.” That’s not entirely accurate, but they are cousins of a sort.
In the context of the cloud, orchestration discovers our weak spots, simulates attacks, simulates patches, checks for compliance and makes changes to the cloud environment with zero human touch.
What do you need for successful orchestration of a cloud?
In simplest terms:
- Vulnerability management
- Continuous compliance
- Ability to make changes to cloud controls
We can take these one-by-one now.
Vulnerability management comes down to (a) attack simulation and (b) patch simulation.
Attack simulation combines vulnerabilities with your security controls and policies. By seeing what’s allowed and how a vulnerability could be reached, you know how an exposure could turn into an exploit.
Patch simulation is the photographic negative of attack simulation. You don’t want to patch at random. It’s not strategic and, worse, it’s time-consuming. What you need is a system where you can basically “play” with different options to see if a specific patch could drastically reduce vulnerabilities elsewhere. Patch simulation done effectively (which FireMon offers) makes patching focused, targeted and strategic. Aren’t those all good business words?
This is where orchestration is beginning to take all the data and help you make informed decisions. That’s the core value of orchestration in a security context.
First, this needs to be acknowledged: compliance does not necessarily mean regulatory compliance. To be compliant, we must also adhere to the security intentions and goals of the enterprise, which are often more critical than a point-in-time audit.
A critical feature of any continuous security program is continuous compliance, which can only be realized with orchestration. Compliance controls sit here, cloud controls sit there. Users and applications don’t sit still. To make sure we’re always compliant, we need a single place to establish the controls, leverage all the sources just mentioned and examine the benchmarks in real-time. “Real-time” is the key. You can’t be waiting hours for actions to occur or for the opportunity to examine where you stand compliance-wise. In the current attack surface landscape, real-time is essential.
But now you actually need to change controls in the cloud
Now that we’ve simulated attacks, surveyed our patch options and checked compliance, we are ready to make changes to the cloud infrastructure. Again, control changes lend themselves well to orchestration.
This area is actually a competitive differentiator for us: other solutions require your cloud to play host to a traditional firewall camping out in your cloud infrastructure (AWS, Azure, GCP, etc.), which is the same as on-premises.
But, as we see, that assumes you have all the security controls in place and that you merely need to control traffic to the cloud’s front door. That’s not true.
AWS, for example, uses Amazon Security Groups to hold all our cloud security controls. To truly orchestrate security, in the AWS example, we must command security rules directly into the security groups. If one single unused or overly permissive rule in a firewall is sitting in front of the cloud, all hell breaks loose when that firewall allows harmful access.
The bottom line
Orchestration pulls together disparate sources, simulates attacks, models patching options, performs sub-second compliance checks and implements changes to fortify the enterprise’s cloud infrastructure. All the departments and data sources of your business are the trombones and steel drums, and orchestration is what turns it all into a beautiful harmony of revenue, growth and peace of mind. You need orchestration to fully realize the potential of your cloud.
At FireMon, one of our greatest sources of product pride is that our orchestration happens within a single console (you’ll also hear the term “single pane of glass”), wrangling all the data, putting you in the shoes of an attacker, scoring your risks and giving prioritized direction to improve security.
Let us know how we can help in any way, or feel free to read our full eBook on gaining control of the cloud.