
Cloud Storage

by David Schwalenberg
May 7, 2014

Today's organizations are increasingly making use of cloud-based services such as file storage and sharing in their normal operations. Using cloud-based file storage services such as Dropbox, OneDrive, and iCloud requires less infrastructure and maintenance and can result in cost savings for the organization. However, by using these cloud services, the organization gives up visibility and control. What vulnerabilities do cloud-based applications have? How are credentials managed? Is the organization's data encrypted and isolated from other users of the file storage service? What about availability and redundancy?

The increased use of cloud-based file storage may lead to data security, availability, and access control issues. An organization should make an informed decision when moving services to the cloud. The organization should also then be able to track and monitor the cloud services it is using and discover if any unauthorized cloud service interactions are occurring.

This dashboard presents detections of network interactions with cloud-based file storage and sharing services. These cloud service interactions are detected primarily through passive traffic analysis or via logged events, although some are also detected through active scans. The dashboard also presents information on SSL sessions involving cloud-based file storage services. This dashboard can help an organization understand and monitor its interactions with cloud-based file storage services.

This dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards, and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Monitoring. The dashboard requirements are:

  • SecurityCenter 4.8
  • Nessus 5.2.5
  • PVS 4.0.1
  • LCE 4.2.2

Note that this dashboard relies on PVS detections being forwarded to the LCE. Make sure that the PVS is configured to send syslog messages to the LCE: in Configuration > PVS Settings > Syslog, include the LCE host (with port 514) in the Realtime Syslog Server List. The LCE listens for syslog messages by default.

SecurityCenter Continuous View (SecurityCenter CV) is the market-defining continuous network monitoring solution. SecurityCenter CV includes active vulnerability detection with Nessus and passive vulnerability detection with the Passive Vulnerability Scanner (PVS), as well as log correlation with the Log Correlation Engine (LCE). Using SecurityCenter CV, an organization will obtain the most comprehensive and integrated view of its network and the cloud services it is using.

Listed below are the included components:

  • Cloud Storage - SSL Session Detections in Last 7 Days - This matrix presents detections of SSL sessions initiated to various cloud storage services that have occurred in the last 7 days.
  • Cloud Storage - Active/Passive Detections in Last 7 Days - This matrix presents active and passive detections of interactions with various cloud storage services that have occurred in the last 7 days.
  • Cloud Storage - Top IPs with SSL Sessions Over Last 7 Days - This table presents the top ten IP addresses that have initiated the most SSL sessions to cloud storage services within the last 7 days.
  • Cloud Storage - SSL Sessions Over Last 7 Days - This chart presents a 7-day trend graph of SSL sessions initiated to various cloud storage services.
  • Cloud Storage - Events Over Last 7 Days - This chart presents a 7-day trend graph of events related to various cloud storage services.