A Framework Architecture for Agentless Cloud Endpoint Security Monitoring

| Field | Value |
|---|---|
| Authors | Asem Ghaleb, Issa Traore, Karim Ganame |
| Year of publication | 2019 |
| Subjects | business.industry; Computer science; 020206 networking & telecommunications; Cloud computing; 02 engineering and technology; Intrusion detection system; Endpoint security; Computer security model; computer.software_genre; Software framework; Data retrieval; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; Anomaly detection; business; Host (network); computer; Computer network |
| Source | CNS |
| Description | Security monitoring of cloud computing endpoints faces more challenges than monitoring of traditional networks because of the ephemeral nature of cloud assets. Existing endpoint security monitors use agents that must be installed on every computing host or endpoint. However, as the number of monitored instances increases, agent installation, configuration and maintenance become arduous and require more effort. Moreover, installed agents can increase the security threat footprint, and several companies impose restrictions on using agents on every computing system. This work provides a generic agentless endpoint framework for security monitoring of cloud computing endpoints. The endpoints are accessed by the monitoring framework running on a central server. Since the monitoring framework is separate from the machines being monitored, the various security models of the framework can perform data retrieval and analysis without agents executing within the endpoints. The monitoring framework transparently retrieves raw data from the monitored endpoints, which is then fed to the security modules integrated with the framework. These modules analyze the received data to perform security monitoring of the target endpoints. As a use case, a real-time intrusion detection model has been implemented to detect abnormal behaviors on endpoints based on the data collected using the introduced framework. |
| Database | OpenAIRE |
| External link | |