Leveraging OSSEC for Cloud Compliance and Security

Posted on May 3, 2019 by sshinn

Moving to the cloud presents a host of security and compliance responsibilities for enterprise security and IT teams. While cloud providers handle hardware and infrastructure, cloud workloads themselves must be secured by the enterprise. Traditional on-premise controls and network security don’t work in the perimeter-less virtual environment of the public cloud.

OSSEC offers a free and open source solution to address key cloud workload protection requirements such as intrusion detection, compliance (PCI-DSS, HIPAA, and others), active response, and file integrity monitoring.

OSSEC also meets two critical cloud requirements — cost-effectiveness and the ability to run anywhere. Written in C, the project runs in megabytes not gigabytes, which ensures that DevOps teams won’t drive up hourly cloud usage costs. Owing to its on-premise roots, OSSEC also runs anywhere — any operating system, VM, or cloud environment — giving engineers a single tool to use everywhere. And because it’s open source, engineers can get started quickly and can extend the project to meet their particular requirements. For advanced capabilities, including graphical management, Atomicorp offers Atomic Enterprise OSSEC.

OSSEC Capabilities

OSSEC offers five key intrusion detection capabilities to users in any environment, on physical servers, in containers or virtual machines, or in public or private clouds.

Long Based Intrusion Dection (LIDS) – Log based Intrusion Detection actively monitors and analyzes data from multiple log data points in real-time
File Integrity Monitoring (FIM) – File integrity monitoring for both files and windows registry settings in real time not only detects changes to the system, but it also maintains a forensic copy of the data as it changes over time.
Rootkit and Malware Detection – Process and file level analysis to detect malicious applications and rootkits
Compliance Auditing – Application and system level auditing for compliance with many common standards such as PCI-DSS, and CIS benchmarks
System Inventory – collects system information, such as installed software, hardware, utilization, network services, listeners and other information.
Active Response – respond to attacks and changes on the system in real time through multiple mechanisms including firewall policies, integration with 3rd parties such as CDN’s and support portals, as well as self-healing actions

Meet 99 Specific PCI Requirements with a Single Solution for On-premise, Cloud, or Hybrid Environments

Download the Whitepaper

Using OSSEC in the Cloud and with DevOps

As public cloud customers are discovering, moving to the cloud presents a host of cloud security and compliance responsibilities for enterprise security and IT teams. While cloud providers handle hardware and infrastructure, cloud workloads themselves must be secured by the customer.

This fact is often obscured in the quest for cost savings and efficiencies of the public cloud. However, all major cloud providers publish “shared responsibility matrices” which highlight what security and compliance requirements are owned by the customer. This can be summarized nicely by Amazon’s AWS as “Amazon is responsible for security and compliance of the cloud, the customer is responsible for security and compliance in the cloud.”

This leaves the enterprise with the need to bring their own security and compliance tools to the cloud. And traditional on-premise controls and network security don’t work in the perimeter-less software-defined environment of the public cloud. Cloud security must be built directly into the cloud workload.

In this area, the cloud presents another challenge — whatever additional system security and cloud compliance tools are added to the workload will increase the cost of cloud usage. In on-premise environments, enterprises do not need to concern themselves with the amount of computing resources consumed by their cloud security software. In the cloud, this can cost real money.

OSSEC

OSSEC provides a solid foundation to meet multiple security and compliance requirements not handled by the cloud provider. It is installed directly on the workload and offers all of the same functional capabilities outlined above. From a cost perspective, OSSEC adds minimal overhead (typically less than 3 percent), which means it will not almost no impact on cloud usage costs.

Most organizations moving to the public cloud have also adopted a devops process with hundreds or even thousands of releases a week. To effectively secure these releases, security tools must be deployed easily using devops orchestration tools like Ansible, Puppet, and Chef. OSSEC easily integrates with these tools as well as custom scripts to ensure it can be deployed with every release.

Next Steps: Getting Started and Meeting Enterprise Requirements with OSSEC

OSSEC is free and open source and is licensed under the GNU Public License. The OSSEC project may be downloaded at www.ossec.net.

Atomic Enterprise OSSEC

While OSSEC is an extremely powerful and versatile tool, many organizations require commercial support or advanced features for cloud security and cloud compliance. Atomic Enterprise OSSEC meets these needs with expert customer support, graphical management, compliance reporting or other enterprise features. To learn more about how Atomicorp can help meet system security and compliance requirements with OSSEC, get in touch for a personalized demo.

Atomic Products For Workload Security and Compliance

Built on the open source foundation of OSSEC, Atomicorp offers comprehensive host intrusion detection, attack protection and compliance all in a single unified platform that runs anywhere.

Atomicorp protects critical workloads in the cloud, the data center and in hybrid environments.

Learn More