IS IDS/IPS STILL RELEVANT IN THE CLOUD?
Learn why IDS/IPS is not only relevant in the cloud, but required for enterprises.
Cloud Intrusion Detection and Prevention Systems (IDS/IPS) for AWS, Azure, GCP, and OCI
What Is Cloud IDS/IPS?
As enterprises make the leap to the Public Cloud (AWS, Azure, Google Cloud Platform, and Oracle), some security problems disappear, but organizations need to solve some new ones. The public cloud is a highly dynamic environment, with rapid deployment of infrastructure and apps the norm and infinitely scalable services everywhere.
Traditionally, Intrusion Detection and Prevention Systems (IDS/IPS) provide real-time protection against network attacks and against exploits of vulnerabilities in application code and in the operating systems that workloads run on. But is IDS/IPS still relevant in the cloud? We look at network-based IDS/IPS in the cloud for AWS, Azure, GCP (Google Cloud), and OCI (Oracle).
Cloud IDS/IPS Considerations:
Here are some cloud considerations for Intrusion Detection and Prevention Systems (IDS/IPS) for AWS, Azure, GCP, and Oracle:
- Your cloud provider isn’t going to protect you against network-level threats – their security secures their cloud platform, not your apps.
- Best practice suggests using more and more segmentation, whether VPC to VPC across accounts, cloud to cloud, or simply at the network level. Organizations are creating trust boundaries, but to secure access and provide containment they need to inspect traffic more deeply than simple port/protocol matching allows.
- The variety of app approaches (Containers, VMs, PaaS, Serverless) means that many of the controls that sit closer to the app are fragmented, at best. The network is the only common ground.
- Attacks like SolarWinds and other supply chain attacks will continue and require creative approaches to securing public cloud workloads.
- Basic regulatory compliance and data protection standards offered by some cloud providers may be insufficient to meet your specific application requirements.
The bottom line is that many of the capabilities that network-based IDS/IPS provides are still needed, but given the cloud landscape, IDS/IPS will have to take a different form.
Cloud IDS/IPS Requirements
The cloud landscape dictates network IDS/IPS requirements. Before looking at specific network-based IDS/IPS requirements in the cloud, let’s dive a little deeper into some of the meaningful differences in public cloud networking in AWS, Azure, GCP, and OCI:
- The cloud environment is dynamic and infinitely scalable
- IP addresses are ephemeral in the public cloud
- The cloud is perimeter-less; best practice is to segment workloads and encrypt all traffic
- No custom silicon is available in the public cloud
All of the above differences mean that traditional solutions that rely on stable environments, stable demand against fixed capacity, strong perimeters, internal traffic in the clear, and high-performance silicon are not going to translate to the public cloud.
In this new world, the prevailing security knowledge still applies, but the implementation of IDS/IPS needs to be different. Lifting and shifting existing IDS/IPS tools as virtual appliances ported from the on-premises datacenter results in the same inefficiencies as lifting and shifting legacy apps to the public cloud without re-factoring.
IDS/IPS Requirements Based on Valtix Customers
Some cloud IDS/IPS requirements based on Valtix customer conversations:
- IDS/IPS must be a cloud-native network service – it needs to inherit all of the attributes of cloud: infinitely and automatically scalable, automated deployment, available everywhere
- Since we assume everything is encrypted – decryption everywhere is a must
- Fail open/fail closed is now a security discussion, not an availability one
- Capacity is totally elastic, so the traditional sizing rationale can and should be revisited
- Self-healing – benefits across architecture/infrastructure/ops:
  - Resilience needs to be built in; it can’t be overlaid with network design
  - With the massive scale of inspection nodes for the cloud – highly efficient operations are needed
  - The pace of change is high in the cloud – IDS/IPS infrastructure must keep up
- Cloud WAF is often a useful complement for app-level threats and compliance
Valtix Built IDS/IPS for the Cloud
IDS/IPS is relevant in the cloud. It is one of the foundational services offered by Valtix. With a cloud-native security platform, a model based on Discover, Deploy, Defend, the ability to see beyond the traditional appliance-centric view, and efficient and automatic operations, Valtix meets and exceeds the above requirements.
Cloud IDS/IPS is Not Only Relevant, But Required
IDS/IPS is not only relevant in the cloud but required for most enterprises. Increasingly, Intrusion Detection and Prevention Systems (IDS/IPS) are needed not only for threat protection from the outside (ingress security) but also to stop lateral movement of threats and to apply inspection to outbound traffic.
See how Valtix can enable IDS/IPS in AWS, Azure, GCP, and OCI in minutes.