As various forms of distributed computing, such as cloud computing, have come to dominate the computing landscape, security has become a bottleneck issue that currently prevents the complete migration of various capabilities and systems associated with sensitive data, such as financial data, to cloud-based infrastructures, and/or other distributive computing models. This is because many owners and operators of data centers that provide access to data and other resources are extremely hesitant to allow their data and resources to be accessed, processed, and/or otherwise used, by virtual assets, such as virtual machine and server instances in the cloud.
In a cloud computing environment, various virtual assets, such as, but not limited to, virtual machine instances, data stores, and various services, are created, launched, or instantiated, in the cloud for use by an “owner” of the virtual asset, herein also referred to as a user of the virtual asset.
Herein the terms “owner” and “user” of a virtual asset include, but are not limited to, applications, systems, and sub-systems of software and/or hardware, as well as persons or entities associated with an account number, or other identity, through which the virtual asset is purchased, approved managed, used, and/or created.
One long standing problem associated with cloud computing environments is the fact that malware can be introduced into the cloud computing environment, just as in any computing environment, via communications conducted by one or more virtual machines operating in the cloud computing environment. The introduction of malware into a virtual machine, and therefore into an application, service, enterprise, or cloud infrastructure of a cloud computing environment is known as intrusion. However, once introduced, some forms of malware take control of some, or all, of the infected virtual machine functionality and use the virtual machine to send outbound messages and data. This outbound malware mechanism is referred to as extrusion.
The detection of both malware intrusion and extrusion is an important part of making cloud computing environments more secure. However, a given cloud computing environment can include hundreds, thousands, or even millions, of virtual machines and other assets, owned or used by hundreds, thousands, or even millions, of parties. Consequently, detecting malware intrusion and extrusion is an extremely difficult and resource intensive task.
What is needed is a method and system for detecting malware intrusion and extrusion that uses existing cloud based infrastructure and components to effectively and efficiently help detect intrusion and extrusion events.