Cyber Situation Awareness Monitoring and Proactive Response for Enterprises on the Cloud

TL;DR

This paper presents a framework for enterprises to enhance their cybersecurity situational awareness and response capabilities in cloud environments through improved analysis, collaboration with providers, and secure communication protocols.

Contribution

It introduces a novel framework enabling better enterprise-cloud collaboration for security monitoring and response, including a secure protocol for communication.

Findings

Enhanced security analysis using advanced metrics

Improved decision-making for threat responses

Secure communication protocol for enterprise-cloud interactions

Abstract

The cloud model allows many enterprises able to outsource computing resources at an affordable price without having to commit the expense upfront. Although the cloud providers are responsible for the security of the cloud, there are still many security concerns due to inherently complex model the cloud providers operate on (e.g.,multi-tenancy). In addition, the enterprises whose services have migrated into the cloud have a preference for their own cybersecurity situation awareness capability on top of the security mechanisms provided by the cloud providers. In this way, the enterprises can monitor the performance of the security offerings of the cloud and have a choice to decide and select potential response strategies more appropriate to the enterprise in the presence of the attack where the defense provided by the cloud doesn't work for them. However, some response strategies, such as Moving Target Defense (MTD) techniques shown to be effective to secure cloud, cannot be deployed by the enterprise themselves. In this paper, we propose a framework that enables better collaboration between enterprises and cloud providers. Our proposed framework, which offers more in-depth security analysis based on the set of most advanced security metrics, allows the security experts of the enterprise to obtain better situational awareness in the cloud. With better and more effective situation awareness of cloud security, our framework can support better decision making and further allows to deploy more appropriate threat responses to protect the outsourced resources. We also propose a secure protocol which can facilitate more secure communication between the enterprises and cloud provider. Using our proposed secure protocol, which is based on authentication and key exchange mechanism, the enterprises can send a secure request to the cloud provider to perform a selected defensive strategy.