September 21, 2011
Today Alert Logic and Datapipe are announcing a new product that extends our network intrusion monitoring capabilities to public clouds, with initial support for the Amazon EC2 service. This is the first such service that was developed from the ground-up for deployment on Amazon Web Services, making it industry’s first network IDS service for Amazon cloud environments.
In my many conversations with AWS customers it has become clear that their experience deploying security products has been abysmal, in large part because the Amazon EC2 service lacks common network capabilities found in enterprise data centers. Amazon has made numerous network advances this year, but continues to lack the ability to perform network introspection, which a key requirement for a several controls mandated by PCI.
Further complicating cloud deployments, vast majority of enterprise-grade network security products today ship in a rigid appliance form factor – whether physical or virtual. This appliance-centric approach fails to meet the demands of s, which rely on web APIs to drive elastic environments and rapidly changing ephemeral network topologies.
The announcement of Threat Manager for EC2 changes all that, going far beyond virtual appliances by becoming a part of the cloud management fabric.
Our belief is that the future of cloud security is in embedded services, which become tightly coupled to cloud provider’s own management stack. Largely an afterthought today, security services will soon be consumed much in the same way as compute and storage resources – administered directly from the cloud management UI or controlled programmatically via a web API.
To accomplish this goal we have developed a set of services and APIs that allow our customers to avoid unnecessary scripting and manual configuration, which will serve as foundation for our ongoing development of the cloud Security-as-a-Service platform:
In the near future, we’ll be adding full support for role based management of hosts, automated load balancing of protected hosts between virtual appliances and other functions that make elastic scaling in EC2 painless. Additional Alert Logic services, such as log management and vulnerability scanning will be available soon.
If you have questions or comments, or interested in joining the beta program, please leave a comment or reach out to us by phone. Our cloud solutions will evolve rapidly and we hope to hear about what functions matter to you most.