RedLock is now a part of Palo Alto Networks - READ MORE
< Back

Mitigating Cloud Security Risks Starts with Data — Ends with Context

by   |   02.28.18, 5:46 AM

“The problem with data is that it says a lot, but it also says nothing.‘
- Sendhil Mullainathan, Professor of economics, Harvard

According to IDC, worldwide spending on public cloud computing will increase from $67B to $162B - growing at more than 6 times the rate of IT spending from 2015 through 2020. So it’s no surprise (Tesla hack) that public cloud computing adoption is outpacing cybersecurity defenses. Decentralized visibility across multiple cloud accounts/regions combined with privileged user access, and the dynamic nature of public cloud computing have “turned the whole security model upside down”.

“Traditional security controls that you’ve spent the last few decades deploying in your Enterprise are no longer relevant in the cloud - the cloud is highly dynamic…your developers are decentralized…they have a lot of access to these environments that are privileged… and so the whole security model’s been turned upside down” ~Varun Badhwar, RedLock CEO

A Holistic, Modern Approach is Required

Traditional security tools are incompatible with the cloud, as they were designed for on-premises networks, and point security solutions that produce data silos are useless since they can’t provide actionable insights. In order to survive today, businesses must take the additional steps to contextualize their data. Just as a doctor diagnosing a patient with a rare blood disease based on body temperature alone is highly questionable, so is making business decisions derived from isolated data out of context. Data and context are not the same thing.

Businesses need to be able to answer questions like, “Why did our customer records get exposed last week?” as opposed to just “What happened to our customer database last week?” One of the biggest challenges is “connecting the dots” between the disparate data sets — including resource configurations, user activities, network traffic, host vulnerabilities, and threat intelligence feeds -- in order to extract actionable insights.

Deriving Context From the Data - Minus “Alert Fatigue”

Recently, our friends at Pentester Academy, sat down with RedLock co-Founder and CEO, Varun Badhwar, to discuss the evolving cloud security sector and a holistic approach to meeting the challenges of securely migrating to the cloud.

We can’t look at data like we did traditionally in on-premise data centers where we looked at network security as one silo, then you looked at endpoint security...then you looked at user security all separately. Where RedLock is different that we look at all of this data collectively and our IP is based on how we can connect the dots between network traffic, between user actions and configurations about the environment...along with third party data feeds.”

In addition to the company overview video interview, Varun also walks the viewer through a demo, highlighting some of these points. At the 2:44 mark, the RedLock Cloud 360TM platform utilizes threat intelligence feeds and machine learning to infer what types of applications (web servers, container management, etc) are running in the cloud and that a database is accepting inbound traffic from a suspicious IP.

Screenshots and explanations that illustrate the “connecting the dots”.

Following along with this example, once alerted to a misconfigured (open, Internet-facing MongoDB database), the next steps would be to a) discover who the user was and b) alert them to fix the misconfiguration and place appropriate policy guardrails in place to prevent the same mistake from happening again.

This is just one use case where disparate data sources are analyzed as a whole, and the dots intelligently connected, integrating with one of our many threat intelligence sources - in this case Amazon GuardDuty. Here RedLock correlates multiple data sources from the cloud environment along with external threat intel and presents the user with an interactive “time machine” audit trail of all of the changes that have been made and the error that occurred triggering the alert that was proactively pushed to the administrator.

Get the NEW Cloud Security Trends - February 2018 edition

redlock cloud security trends February 2018

The threats are real and cybercriminals are evolving and actively targetinginformation - and more - left unsecured in public cloud environments. Our report provides 11 Tips for your “PreCrime” Unit to Combat Tomorrow’s Cybercrime. View our complete findings by downloading the Cloud Security Trends - February 2018 report.

Download the Report




Related Posts