Data Center Journal

VOLUME 53 | DECEMBER 2017

Issue link: http://cp.revolio.com/i/915954

Page 18 of 24

Even before a breach takes place, considerable recurring costs go beyond the cost of the designated security team and the installed security measures. Often, network teams play a major role in identifying and troubleshooting security, diverting their time from other network activities. Viavision conducted a study involving over 1,000 network professionals and network IT analysts. It discovered that 88 percent of respondents are involved in security investigations, and 80 percent of them report an increase in the time they spend on these investigations. Three out of four of these respondents spend up to 10 hours per week working exclusively on security issues. This figure demonstrates how widespread and time consuming security has become for enterprises.

Unfortunately, things aren't getting any easier. Hackers and their malware are continuing to evolve to find weaknesses. The Viavision study [2] also found that most respondents saw an increase in attack sophistication. With the rapid adoption of cloud-based architectures, the bad guys are looking at new, innovative ways to attack.

A New Breed of Security Threats

The increased adoption of cloud-based architectures has resulted in a high degree of automation and operational efficiency in the data center. This situation has allowed enterprises to flexibly deliver unimagined service agility, unlocking a new generation of business applications. Cloud-based architectures are "ephemeral" and can be thought of as having a dynamic logical or virtual layer. With policy-driven automation, this layer is dynamically assigned a set of underlying shared resources that can change rapidly and frequently, allowing for fast service deployment with low operational cost. For this reason, the security game has changed and the static nature of traditional security measures can't keep pace.
The highly automated and dynamic nature of these architectures renders traditional security measures, such as a Layer 7 Firewall (FW) or an intrusion-detection system (IDS), insufficient. Generally placed at the network perimeter, these measures are less effective against the new breed of malware and other cyberattacks that operate more insidiously in the data center or extended enterprise-network perimeter.

How Applications Are Processed in a Cloud-Based Architecture

Applications such as video streaming, email and banking are handled differently in a cloud-based architecture. Those served in a cloud architecture can be thought of as being provided by a set of service tiers that draw their compute, memory and storage resources from dynamically assigned and abstracted logical constructs called virtual machines (VMs) or virtual containers. These constructs are also called workloads. For example, one enterprise customer may offer a video application that requires support from a web-server tier, a database-server tier, an optimization tier and a video-streaming tier. Each of these tiers will have its own VM or container. The application traffic is routed to the required service tiers as needed. Figure 1 above depicts this arrangement.

SDN's ephemeral nature comes from these workloads' ability to come and go quickly. VM assignments are automated on the basis of policy-defined criteria whose goal is to optimize the enterprise's business objectives. Therefore, at any point in time, an application could be serviced by a diverse set of workloads in different physical locations across the enterprise network.

The Underlying Shared-Resource Layer

Existing enterprise cloud architectures aren't restricted to the data center and are typically expanding to branch or campus offices, and to private or public clouds.
VMs or containers are assigned actual compute, memory and storage resources that can come from a shared pool in a data center but also from a branch office or a public or private cloud. As a result, an increasing number of new entry points to the enterprise network need protection. Applications that are delivered across the cloud architecture have little application-specific isolation or

Figure 1
