Responding to customers' requests for more access to security-event data, cloud providers are exposing customer-specific aspects of their massive data sets to help businesses better defend themselves. Cloud security firm Incapsula, for example, announced last month that it would start delivering to its customers their servers' performance and attack metrics in real time. The company takes millions of transactions across 15 data centers, brings them into a central data repository, organizes them, and then displays the data relevant to each customer. The data can be used by businesses to better react to certain types of attacks, such as application-layer denial-of-service attacks, says Marc Gaffan, co-founder and vice president of business development for the company.
"Now our end user can see, in real time, the transactions hitting their network," he says. "This gives them the visibility to work with us and be more self-sufficient."
Cloud security providers are finding that their customers want more data. For many companies, learning that a threat was blocked is no longer enough. More sophisticated enterprise customers want deeper access to the data on which a decision is based so they can investigate the incident themselves and determine whether they need to take further action.
In some ways, the trend is an adjustment in the cloud services model, says Dean De Beer, chief technology officer for malware-analysis-as-a-service platform ThreatGRID. Companies moved to security-as-a-service to simplify a complex set of processes, but that does not mean they do not want access to the data on attacks or malware targeting their networks, he says.
"The ability for people to really make a difference in the environment without having to have the expertise to set up the infrastructure -- it's huge," he says, adding that companies need to give the sophisticated users of their services as much information as they need to do their jobs. "The end user is saying that they want this data and vendors need to provide it."
Another cloud security firm that has opened the curtains to reveal certain facets of its large datasets is OpenDNS. The company has modified its cloud-based domain name service to go beyond blocking or allowing traffic, and now offers companies the ability to gather additional details about the domains to which traffic is flowing.
Called Security Graph, the service lets customers of OpenDNS's Umbrella service dig down into the data and determine, for instance, whether an attack is part of a mass, opportunistic probe or a targeted attempt to compromise the business. In an opportunistic attack, the company will be one of many OpenDNS customers that attempt to go to a specific, malicious server; in a targeted attack, the company may account for the lion's share of traffic to that server, says Dan Hubbard, chief technology officer for OpenDNS.
"If you see a machine beaconing out to a domain, a cloud solution would say, 'This is blocked as malware,'" he says. "With that sort of response, there is not enough information to determine if this is an attacker looking for PayPal credentials or if this is someone exfiltrating data to a Chinese network."
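The opportunistic-versus-targeted comparison described above can be sketched over resolver logs as an added example; it is not OpenDNS code and does not use the Security Graph API. The log format, customer names, domains and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed resolver log records: (customer_id, queried_domain).
# All names are placeholders, not real indicators.
SAMPLE_LOG = (
    [("acme", "mass-campaign.example")] * 3
    + [(f"cust{i}", "mass-campaign.example") for i in range(20) for _ in range(3)]
    + [("acme", "narrow-c2.example")] * 45
    + [("cust1", "narrow-c2.example")] * 3
    + [("cust2", "narrow-c2.example")] * 2
    + [("acme", "rare.example")] * 2
)

def classify_domains(log, customer, min_queries=10,
                     targeted_share=0.8, broad_customers=10):
    """Label each domain `customer` queried using cross-customer counts.

    Thresholds are illustrative assumptions to be tuned on real data.
    """
    per_domain = defaultdict(Counter)
    for cust, domain in log:
        per_domain[domain][cust] += 1

    results = {}
    for domain, counts in per_domain.items():
        mine = counts.get(customer, 0)
        if mine == 0:
            continue  # this customer never queried the domain
        total = sum(counts.values())
        share = mine / total
        if total < min_queries:
            label = "insufficient-data"      # too few queries to judge
        elif share >= targeted_share:
            label = "likely-targeted"        # this customer dominates traffic
        elif len(counts) >= broad_customers:
            label = "likely-opportunistic"   # one of many customers hitting it
        else:
            label = "inconclusive"
        results[domain] = {"label": label, "share": round(share, 3),
                           "customers": len(counts), "total": total}
    return results

if __name__ == "__main__":
    for domain, info in classify_domains(SAMPLE_LOG, "acme").items():
        print(domain, info)
```

A high share also fits a benign domain that only one company uses, so the label is a triage hint to combine with the domain's reputation rather than a verdict.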
While using big data analytics for security has garnered a great deal of attention, it typically requires staff with specialized knowledge to successfully implement. Because of their expertise in dealing with large datasets, cloud providers can excel at providing meaningful access to the data, says Incapsula's Gaffan.
"I think big data analytics and security analytics are a core competency for cloud service providers," he says. "They can immediately identify a certain pattern and give companies visibility into the data."