Looking back on 2020, you couldn’t help but notice that hackers were trying to steal as many digital bytes as they could. No stone was left unturned: identification, user data, you name it!

‘Security’ is a very big term that means many things to many people, so what about ‘CyberSecurity’? Looking at the TechTarget definition: “Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems”.

OK, so a couple of years ago we thought: our storage arrays are a good mixture of hardware and software, they are connected to many servers, and we should try to protect them at the infrastructure layer as much as we can. And yes, there are already many options to do so at the product level. Most are documented, but many customers don’t read all the documentation, so the protection should be built in, or the product should at least warn you about issues.

Enter CloudIQ Cybersecurity: Dell Technologies has expanded the capabilities of its CloudIQ AI/ML-based proactive monitoring and analytics application to include cybersecurity monitoring. CloudIQ will assess whether infrastructure security configurations adhere to a user’s chosen policy, proactively notify them of misconfigurations, and recommend actions to quickly reestablish security. Why spend hours manually checking infrastructure security configurations every day, or leave infrastructure vulnerable because you don’t have time to check them, when automation can notify you when security is misconfigured and tell you what to do about it?
CloudIQ is a cloud- and AI/ML-based application that does this for you in the same dashboard that proactively monitors and predictively analyzes your infrastructure health, performance, and capacity.
That means your business will always be aware of your infrastructure’s security posture and how to fix it, because the staff whose daily job is to monitor infrastructure health will also see security.
What are security configurations and why are they important?

To keep IT infrastructure meeting the business’s needs, IT administrators tune infrastructure performance and capacity, similar to mechanics tuning your car. Systems administrators must have access to each IT system’s components (e.g., CPU, memory, disk drives, ports, system software/firmware, etc.) to make the necessary configuration changes. But these configurations (or settings) must be locked down to keep out cybercriminals. Infrastructure misconfiguration opens organizations to intrusion and is considered to be a leading threat to data security (e.g., within the top 10 security risks according to the Open Web Application Security Project foundation). CloudIQ monitors security configurations to reduce IT infrastructure’s attack surface and visibility to cybercriminals. Called “infrastructure hardening,” security configurations are the foundation for a comprehensive cybersecurity solution, which includes a host of security applications and processes beyond the hardened infrastructure.

What is the advantage of having cybersecurity monitoring in CloudIQ?

Infrastructure misconfiguration opens your organization to cyber-intrusion and is a leading threat to data security. Using the same application for monitoring infrastructure health and cybersecurity keeps security top-of-mind with system administrators, who are best positioned to quickly remediate security misconfigurations because they are the people closest to infrastructure every day. Dell EMC CloudIQ Cybersecurity is Tier-3 cloud-based software that is part of the CloudIQ SaaS solution and provides an inherent, simple, and reliable solution for cybersecurity risk assessment in various ISG products (starting with PowerMax and PowerStore storage systems). CloudIQ Cybersecurity will support the organization’s business functionality by reducing the attack surface and visibility to cybercriminals.
CloudIQ Cybersecurity will provide an ongoing cybersecurity risk assessment on selected and important security configurations and setups. It presents the impact of the cybersecurity risk on a specific system and/or a family of systems. CloudIQ Cybersecurity does not impact the system health score and provides a new and dedicated cybersecurity risk level. CloudIQ Cybersecurity will present to the customer new information on their system’s cybersecurity status all the time. Cybersecurity is a feature in CloudIQ (our SaaS monitoring) that provides an inherent, simple, and reliable solution for cybersecurity risk assessment. It provides an ongoing risk assessment on selected security configurations and setups.

Is my cybersecurity information safe in CloudIQ?

Yes. CloudIQ uses the same proven network that customers’ systems use to automatically call home to the Dell Technologies data center for support. The cybersecurity data is safely stored by CloudIQ, with privacy controls, in the Dell Technologies data center. CloudIQ supports Role-Based Access Control (RBAC), so only users designated by the primary CloudIQ user (e.g., storage system administrator) are allowed to see cybersecurity information.

Which infrastructure products does CloudIQ cybersecurity support today?

CloudIQ cybersecurity will support PowerMax (available May 26, 2021 with Unisphere 9.2.1.0 and beyond) and PowerStore (planned availability June 9, 2021 for PowerStore 2.0.0.0 and beyond). CloudIQ also supports health, performance and capacity monitoring and analytics for PowerMax and PowerStore.

What is the cost of CloudIQ cybersecurity?

Cybersecurity is a new standard feature for CloudIQ, and CloudIQ is included in the customer’s ProSupport Enterprise contract at no extra cost. The primary user will be the system administrator who uses CloudIQ today to monitor and troubleshoot system health, performance, and capacity, but IT security specialists can also use CloudIQ dashboards and the policy tool.
What are the three big benefits? CloudIQ Cybersecurity helps you:
Reduce Risk – with proactive email notifications that alert you about risks and easy-to-read cybersecurity dashboards that pinpoint risk and recommend actions for fast resolution and assure your ongoing cybersecurity awareness.
Manage Policy – with an easy-to-use tool for customizing infrastructure security policy (i.e., choosing configurations that you want deployed on your infrastructure).
Improve Productivity – with an application that continuously monitors cybersecurity for you versus spending hours inspecting every system yourself – and it conveniently does this in the same application you can use for daily infrastructure health, performance, and capacity monitoring.
Key features that deliver the three big benefits. Reduce risk with:
Cybersecurity Assessment – Determines if system security configurations have deviated from your policy (e.g., role-based access control, default administrative password, data at rest encryption enabled, NFS security level, and more).
Cybersecurity Risk Overview – Shows you the number of systems with high, medium, and low security risks in the same dashboard for monitoring system health to help you prioritize actions.
Cybersecurity Risk Levels – Shows you every system top-down according to level of risk to help you further prioritize actions.
Cybersecurity Details and Remediation – Shows you each security misconfiguration and the recommended action, and lets you launch each system’s element manager to take corrective action.
Manage Policy with:
Cybersecurity Evaluation Plan Editor – Lets you select security configurations that CloudIQ will compare to your systems’ actual configurations. These are based on NIST 800-53 r5 and NIST 800-209 standards as well as Dell Technologies best practices for each specific infrastructure product.
Improve Productivity with:
Continuous Monitoring – Automates monitoring, so you don’t have to spend hours manually checking systems over and over again every day.
Proactive Notification – Immediately notifies you by email when a system configuration deviates from policy.
All-in-One Monitoring – Uses the same tool for monitoring and troubleshooting infrastructure health and cybersecurity issues.
Now, let’s discuss some definitions that are important to understand within the context of CloudIQ Cybersecurity:
System Data – Data that is collected from the customer’s storage system and securely stored in the CloudIQ Cybersecurity data store
Evaluation Test – The test that CloudIQ Cybersecurity executes to search for security deviations
Evaluation Plan – The list of evaluation tests (security best practices specially designed for every product line to address architecture needs) that the customer selects for the system they want to monitor
System Security Status – The security information about the system, including:
Test result – The result of the last test run (whether a deviation was found or not)
Security Issue – A security issue that was found based on the test result
Security Risk Level – The level of risk the system is in
What are the CloudIQ cybersecurity processes that underlie the various features?
Step 1: Data Collection – Security data from end-users’ systems is sent through the secure Dell Technologies Secure Remote Services network to CloudIQ, hosted in the Dell Technologies secure data center.
Step 2: Data Processing – After data is collected, it will be organized, normalized, and securely stored by CloudIQ with end-user data privacy controls in the Dell Technologies data center.
Step 3: Evaluate Data – The end-user system’s actual security configuration data is compared to the configurations which end-users specified with the Cybersecurity Evaluation Plan Editor.
Step 4: Data Analysis – The impact of misconfigurations on numeric risk levels is calculated and recommended actions are derived.
Step 5: Display and User Interaction – Results of the analysis are displayed in the CloudIQ user interface and emails are sent to users who have opted in for notifications.
Now, enough with the theoretical materials, let’s see some screens:
Policy Page, Main Page – what is going to be evaluated, based on the criteria you selected.
Edit Evaluation Plan – what you want to be evaluated in your evaluation plan. Flexibility is the key: every customer can define a tailor-made evaluation plan for every system, based on the provided evaluation tests.
Edit Evaluation Plan – An in-depth explanation of each of the items that will be evaluated.
Overview Page – Cybersecurity Widget
Risk Level Assessment
The following table describes the CloudIQ Cybersecurity risk levels and when each level can occur:
Risk Level – Occurs when:
Normal
• There are no Active Cybersecurity issues.
• The number of tests in the plan is above 70% of the available tests, and the number of tests in the plan is greater than 5.
Low
• There are 1 to 2 Active Low severity Cybersecurity issues.
• The number of tests in the plan is above 70% of the available tests, and the number of tests in the plan is greater than 5.
Medium
• There are 1 to 5 Active non-High severity Cybersecurity issues where at least one is Medium severity, and the number of tests in the plan is greater than 5.
• There are greater than 5 Active Low severity Cybersecurity issues, and the number of tests in the plan is greater than 5.
High
• There is at least one High severity Cybersecurity issue, and the number of tests in the plan is greater than 5.
• There are greater than 5 Active non-High severity Cybersecurity issues where at least one is Medium severity, and the number of tests in the plan is greater than 5.
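The Evaluate Data and Data Analysis steps, combined with the risk level table above, as an added Python example that is not CloudIQ's own code. The test names, expected settings, per-test severities and the count of available tests are constructed for illustration, and combinations the table does not describe return None.

```python
from collections import Counter

# Constructed evaluation plan: test name -> (expected setting, severity).
# Names, settings and severities are illustrative assumptions, not CloudIQ's own.
PLAN = {
    "default_admin_password_changed": (True, "high"),
    "data_at_rest_encryption": (True, "medium"),
    "rbac_enabled": (True, "medium"),
    "nfs_secure_mode": (True, "low"),
    "syslog_forwarding": (True, "low"),
    "session_timeout_set": (True, "low"),
    "ntp_configured": (True, "low"),
}
TESTS_AVAILABLE = 8  # constructed: the plan selects 7 of 8 available tests


def evaluate(plan, actual):
    """Step 3: severities of tests whose actual setting deviates from the plan.

    A setting missing from `actual` counts as a deviation.
    """
    return [sev for name, (want, sev) in plan.items() if actual.get(name) != want]


def risk_level(severities, tests_in_plan, tests_available):
    """Step 4: apply the risk level table; None where the table defines no level."""
    c = Counter(severities)
    high, medium, low = c["high"], c["medium"], c["low"]
    if tests_in_plan <= 5:
        return None                      # every row requires more than 5 tests
    if high:
        return "High"
    if medium:                           # non-High issues, at least one Medium
        return "High" if medium + low > 5 else "Medium"
    if low > 5:
        return "Medium"
    if tests_in_plan * 10 <= tests_available * 7:
        return None                      # Normal and Low also need >70% coverage
    if low == 0:
        return "Normal"
    return "Low" if low <= 2 else None   # 3 to 5 Low-only issues: not in the table


def assess(actual):
    """Evaluate one system's settings against PLAN and return its risk level."""
    return risk_level(evaluate(PLAN, actual), len(PLAN), TESTS_AVAILABLE)
```
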
Overview Page – Cybersecurity Widget – UI flow
User is at the overview page
User clicks on link in the cybersecurity widget
User is routed to System Risk page
Overview Page – Cybersecurity Widget – UI flow
User is at the overview page
User clicks on the number of issues button in the cybersecurity widget
User is routed to Cybersecurity Issues page
Screenshot labels: List View tab; Card view; System name and link to its cybersecurity tab; Switch to list view
Close the banner:
User clicks on the button
Introduction banner will disappear
On the next page load, the banner will appear
Close the banner and don’t show again:
User checks the checkbox
User clicks on the X button
Introduction banner will disappear
On the next page load, the banner will not appear
User is at system risk page, list view / card view
User clicks link
User is routed to system risk help page
User is at system risk page, list view / card view
User clicks on the views switch button
Card view / list view is shown
User is at system risk page
User clicks on the system name
User is routed to system’s Cybersecurity tab
summary and issues view
summary and eval. plan view
System Cybersecurity Tab – UI flows
• Switch between cybersecurity issues and evaluation tabs:
User is at cybersecurity tab, viewing inner tab of “cybersecurity issues”
User clicks on the “evaluation plan” inner tab
Evaluation plan tab is presented
User is at cybersecurity tab, viewing inner tab of “evaluation plan”
User clicks on the “cybersecurity issues” inner tab
Cybersecurity issues tab is presented
System Cybersecurity Tab – UI flows
User clicks on link in the top right of tab
User is routed to edit evaluation plan page
Issues page tabs: Active, Resolved
UI flow
User is at issues page, active tab / resolved tab
User clicks on the resolved tab / active tab
Resolved tab / active tab is shown
UI flow
User clicks on the system name
User is routed to system’s Cybersecurity tab
You can see a demo of the CIQ Cybersecurity UI, below