Automating Security, Continuous Monitoring, and Auditing in DevOps
-
What is continuous monitoring and auditing?
-
What security risks are flagged during monitoring and auditing?
-
How do continuous monitoring and auditing help organizations?
-
What makes continuous monitoring and auditing challenging to implement?
-
Ship applications faster
-
Build securer applications
-
How Hybrid Cloud Security helps
What is continuous monitoring and auditing?
Continuous monitoring and auditing are intended to promptly identify and report gaps in development, security, and compliance.
Auditing entails internal or external auditors collecting and reviewing information from an organization’s IT systems or infrastructures, processes, and controls, to ensure that they meet compliance requirements.
Continuous monitoring involves using analytics and other feedback data to ensure that the controls in place are functioning as designed and configured properly, transactions are properly processed, and that there are no gaps or errors in an application’s underlying infrastructures.
Sign-off–based approaches to monitoring do not take into account the highly dynamic culture of DevOps. Containers can easily be created and abandoned, and multiple builds are implemented during rapid periods. Meanwhile, failing a security audit leads to rework, a disruption that has implications on both cost and time-to-market.
What security risks are flagged during monitoring and auditing?
Continuous monitoring involves identifying vulnerabilities and utilizing the latest threat intelligence against malware or exploits that take advantage of these security flaws. Additionally, it entails detecting modifications to the application’s design and the underlying infrastructures that host it. Continuous monitoring implements an automated feedback mechanism that aggregates, correlates, and analyzes data required for compliance. Monitoring capabilities are regularly assessed and refined as necessary.
When it comes to security, auditors, QA engineers, and compliance teams look at a number of key factors including:
- • Telemetry — Logging, correlating, aggregating, determining, and triaging the application and its infrastructure’s vulnerabilities, misconfigurations, and integrity (i.e., changes or defects in functionalities or configurations, patch management).
- • Inventory and access/privilege policies — Checking the resources that are allocated to the applications, and managing access and control to them — from the network and server to gateway.
- • Inventory and visibility — Identifying which components are running and how they’re performing. This provides more visibility into the organization’s online assets, which helps manage risks and compliance reports.
How do continuous monitoring and auditing help organizations?
Continuous monitoring and regular audits of cyber security protocols help organizations with identifying threats and vulnerabilities earlier ideally shifting protection earlier in the CI/CD pipeline and inner workings of the business as opposed to just perimeter or firewall security. When it comes to DevOps, this is a “shift left” and is critical to today’s security controls, new development tools, and open-source content is adopted rapidly. This means performance, resource allocation, and functionality issues, misconfigurations, vulnerabilities, and other operational challenges are identified and resolved earlier, when they pose less costs to the organization. It’s also a way to detect issues that otherwise may have been missed by development, testing, or deployment tools without sacrificing downtime. Auditing also helps provide feedback on the functionality, efficiency, and security of the application and the infrastructure that runs it. It also provides the visibility needed to identify risks and deter exposure to threats.
Additionally, continuous monitoring and auditing provide value that can improve existing policies and controls, and if applicable, clear bottlenecks in the development or operations processes. While monitoring may have been traditionally implemented in the later stages of the development life cycle, the adoption of DevOps (which focuses on shorter release cycles), evolving technologies, and dynamic consumer demand and expectations are driving the need to integrate monitoring and auditing capabilities earlier into the application’s life cycle.
What makes continuous monitoring and auditing challenging to implement?
DevOps emphasizes faster turnarounds and thus may seem contrary to the objectives of continuous monitoring and auditing, which focuses on vetting applications at each stage of their development and delivery. This is especially true for organizations that still employ manual processes for auditing and monitoring their applications, which can lead to downtime and even errors.
Further challenges include the use of disparate monitoring tools across platforms or environments that the application or workload runs on. Juggling between different tools can lead to an error-prone monitoring and auditing process. The challenge is exacerbated as organizations tackle scalability — how data and security mechanisms can be applied across numerous applications, workloads, systems, networks, servers, and platforms. This can make auditing and monitoring unnecessarily complex and inconsistent.
Ship applications faster
DevOps teams may think that security would slow down their workload’s turnaround, and in turn, miss time-to-market targets. A good security solution will automate manual processes in the CI/CD pipeline while helping auditors and security or compliance teams continuously monitor the application/software. This can be accomplished through security-focused APIs that work within orchestration, monitoring, and a continuous delivery toolchain.
Automating security in the development life cycle also helps overcome bottlenecks that may be caused by shortages in DevOps, IT, and cybersecurity talent. Organizations recognize this challenge. In fact, it is projected that by 2019, 70 percent of DevOps-related initiatives will integrate automated security and vulnerability and configuration scanning.
Build securer applications
Automated security enables developers to create more secure and compliant applications from the first build. Security is baked in as code via APIs and script templates that help simplify implementation and automation. Shifting security earlier in the development life cycle reduces friction between development and operations teams as well as auditors, compliance, and security teams. For instance, integrating build-time and continuous image registry scanning for vulnerabilities, malware, and secrets including credentials, passwords, keys, and certificates in the DevOps pipeline helps contain threats before they impact containers at runtime, and help monitor for any new threats that impact golden images. And by incorporating runtime workload protection and platform and orchestration protection for Docker and Kubernetes, applications are protected against threats when deployed. A good security solution should include:
- • Network security capabilities that prevent network-based attacks and shields vulnerable applications and servers.
- • Intrusion prevention and detection systems that deter network-based exploits of vulnerabilities.
- • Web reputation that blocks malicious URLs and websites.
- • Host-based firewall that protects endpoints connected on the network via stateful inspection.
- • Vulnerability scanning capabilities that scans the OS and application for security flaws.
How Hybrid Cloud Security helps
Trend Micro’s Hybrid Cloud Security solution provides powerful, streamlined, and automated security within your organization’s DevOps pipeline and delivers multiple XGen™ threat defense techniques for protecting runtime physical, virtual, and cloud workloads. It also adds protection for containers via Deep Security and Deep Security Smart Check, which help DevOps and security teams shift left by scanning and ensuring the security of container images during pre-runtime and runtime.
These solutions enable organizations to focus on security and compliance while still moving in the agile and adaptable world of DevOps. They also reduce the number of security tools needed with multiple security capabilities and a single dashboard to give you full visibility into leading environments like Amazon Web Services, Docker, Microsoft Azure, and VMware. The Trend Micro Deep Security solution lowers the cost and complexity of securing workloads across multiple environments, including automated deployment, extensive APIs for critical layered security controls, and security capabilities that can virtually shield servers from the latest advanced threats.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Bridging Divides, Transcending Borders: The Current State of the English Underground
- Ransomware Spotlight: Ransomhub
- Unleashing Chaos: Real World Threats Hidden in the DevOps Minefield
- From Vulnerable to Resilient: Cutting Ransomware Risk with Proactive Attack Surface Management
- AI Assistants in the Future: Security Concerns and Risk Management