GOOGLE CLOUD NEXT, LAS VEGAS – The ability to add and remove infrastructure and compute resources at will is a huge part of what makes the cloud great. But those shifting sands are a nightmare for those trying to secure cloud environments, Google’s Head of Product for Security Operations Chris Corde told Fierce Network.
Corde has oversight of Google’s security products, including its Mandiant and Chronicle offerings. Before joining Google in 2021, he spent six years serving as a security executive at VMware.
According to Corde, the ephemeral nature of the cloud is a big problem when it comes to runtime monitoring specifically.
He explained that there are different levels of security. The first is posture management, which basically means checking whether misconfigurations or other simple errors have left a door unlocked or a window open. The next level up is runtime monitoring. This is essentially the equivalent of having security cameras in your home so you can see if someone actually broke in and is ransacking the place.
Corde said the only way to get that visibility is by putting sensors or security agents all over the place. But that’s hard to do when customers are spinning nodes up and down with abandon.
“Everything that people love about cloud infrastructure – which is the ability to be rapid and deploy fast and be very operationally efficient – unfortunately created changes in the attack surface very quickly,” he explained.
“The problem tends to be staying up to date on all the changes that are happening in the infrastructure,” Corde continued. “If I’m looking at an event and it’s coming off of a system in the cloud and that system is ephemeral – meaning that Kubernetes node is going to disappear in another 30 minutes when they refresh the infrastructure – the context tends to be missing. If I’m trying to analyze it or understand it, it’s much easier to do if I have a VM in an on-premise infrastructure that wasn’t changing.”
Corde said while storage infrastructure tends to be more stable, compute infrastructure tends to change “quite often.” And that means it’s hard to deploy security agents in the manner that security experts would like.
So, what’s the answer? Surprise, surprise, it seems like artificial intelligence (AI) – like that offered as part of Mandiant Hunt for Chronicle – can help.
Corde said one of the perks of AI is that it can scour huge amounts of runtime data as it pours in to look for anomalies and derive “as much signal from that noise as possible.” It can then bring its findings to security experts, who decide the best course of action.
In the future, Corde said it’s possible that more mature AI systems could take action to mitigate threats autonomously. But he added it’s still early days in terms of AI’s reasoning capabilities and the last thing security experts need is for AI to make a wrong decision when tackling a problem autonomously.
Catch all of our coverage from Google Cloud Next 2024 right here.