RedLock is now a part of Palo Alto Networks - READ MORE
RedTalk: 7 Steps to Selecting Your Cloud Security Solution for AWS, Azure and Google Cloud
< Back

RedTalk: 7 Steps to Selecting Your Cloud Security Solution for AWS, Azure and Google Cloud

by   |   09.19.18, 6:00 AM

We recently sat down with RedLock’s VP of Solutions Engineering, Allan Kristensen. Allan’s 15+ years of experience building successful solutions engineering (SE) teams and his customer-first approach to build and grow emerging technologies are key qualities we hear about from satisfied RedLock customers every day.

The RedLock SE team gets first-hand knowledge of the problems prospective customers need to solve. Every potential customer has unique cloud security issues and goals, so we jumped at the chance to learn the common steps one needs to follow when evaluating and selecting a cloud security platform for Amazon Web Services (AWS), Microsoft Azure and Google Cloud.

Check out the RedTalk video above, or read on to learn what are the most important considerations when evaluating and prioritizing the selection of a cloud security solution for your AWS, Azure and/or GCP cloud infrastructure.


Q (RedLock HQ): Let’s start with Step 1 – although every prospective customer is unique, what is the “common” factor most customers bring up as a serious problem they need to solve?

A: (Allan Kristensen – AK): First step: Multi-cloud support

Our findings show that more or less all customers have a multi-cloud strategy – maybe not initially, but definitely in the future. With that in mind, it’s important to select a solution purpose-built for multi-cloud support – with a centralized approach and unified visibility across each of your cloud platforms today and in the future.

Q (RedLock HQ): The on-going news of data breaches and account compromises has driven awareness and the cloud security market is hotter than ever. Are customers confused by the many “solutions” that are out there?

A (AK): Second step is to ensure you have a solution with easy, efficient and automated deployment options

An API-based solution is the only way you can effectively support your very dynamic cloud infrastructures. Our experience shows that customers trying to leverage agent or proxy-based solutions fail and end up with security blind-spots because there are too much overhead, risk and manual work required to deploy and maintain a non-API based solution.

Q (RedLock HQ): DevOps teams are frequently remote and scale on-demand. Is this something you hear about when you talk with businesses who are already in the cloud?

A (AK): Third step: Auto-discovery

You can’t protect what you can’t see, and this is why it’s important to select a solution that auto-discovers your cloud resources, such as virtual machines, database instances, storage buckets, users, access keys, security groups, networks, gateways, snapshots and more. A central and auto-updated CMDB / asset inventory database is the foundation for a successful roll-out of your cloud security strategy.

Q (RedLock HQ): What are the most requested capabilities virtually every customer asks for when searching for a solution?

A (AK): Fourth step: Auto-monitoring

In addition to the importance of auto-discovery of cloud resources, it’s also critical that the solution auto-applies centrally defined and controlled security policies across the discovered cloud resources to ensure all your cloud resources are automatically monitored by your corporate-defined security policies.

The security policies and monitoring need to cover all the key risk vectors in your cloud environments, including the following:

  • Configuration checks, which will help ensure your cloud resource configuration settings are within the defined guardrails and that you are not experiencing any configuration drifts across your AWS, Azure, and GCP public cloud environments. Our recent findings show that 51% of organizations publicly exposed at least one cloud storage service.
  • Continuous network monitoring to ensure you have central visibility into suspicious network traffic and activities in your cloud environments. It’s not enough to have configuration and compliance checks in place, because configuration checks will only tell you what can go wrong in your cloud environment, not what’s actually happening and is going wrong. Configuration checks will, for example, help you detect and alert on broadly configured Security Groups that allow in-bound traffic on all ports from all IP addresses. This is a critical situation, but without network monitoring, you can’t determine if the Security Group misconfiguration has been exploited, and whether or not you’ve experienced traffic through the security Group to workloads in your infrastructure. Furthermore, you can’t detect and alert on more advanced threats, such as cryptojacking, without having an efficient public cloud network security monitoring solution in place. The most recent RedLock CSI report shows that 25% of organizations currently have cryptojacking activities in their environments.
  • User and access key monitoring are also critical components because our recent findings show that 27% of organizations experienced potential account compromises, which can not only lead to loss of data but also the loss of control of entire cloud environments. UBA (User Behavior Analytics) and machine learning (ML) are key components of identity monitoring as well, which will help customers look for and alert on user anomalies across millions of user events. Without UBA and ML it’s impossible to detect more sophisticated attacks due to lost identities.
  • A fair number of customers leverage Host Vulnerability and/or threat detection monitoring within their public cloud infrastructure, and it’s important to select a cloud threat detection solution, which can consume and leverage the information collected by these solutions to efficiently incorporate the additional and valuable security information into the central cloud security monitoring.

 

Q (RedLock HQ): If there’s one “killer feature” RedLock customers say they couldn’t live without - what would that be?

A (AK): Fifth step: Correlation of events

This one is easy, and it comes up every time we demo the RedLock Cloud 360 solution with a customer prospect... Customers are blown away by the visibility and correlation of information we can provide. Efficient correlation of the data sets we just talked about is a critical success factor for efficient public cloud security monitoring. Correlation provides additional context and enables customers to efficiently detect and remediate findings such as the following:

  • Workloads with over permissive security group configurations attached, known host vulnerabilities detected, and traffic from suspicious IP addresses etc.
  • Identification of privileged user activities across cloud environments which are performed for unusual (not seen before) locations.

 

Q (RedLock HQ): One area we haven’t touched on yet is remediation. What do you think are the key issues that need to be considered?

A (AK): Sixth step: Remediation / auto-remediation.

Having multiple remediation options, including the list below, is important to successfully apply different remediation strategies based on automation requirements or cloud adoption maturity:

  • Remediation recommendations, which can be leveraged by customers to perform “manual” remediation within the public cloud infrastructures.
  • Guided remediation for customers to perform remediation tasks from the Cloud Threat Detection platform.
  • Automated remediation for automated remediation of all/or selected security findings.

 

Q (RedLock HQ): Many enterprises have dedicated SOC teams for remediation. What’s important to these businesses as they look for a comprehensive cloud threat defense platform?

A (AK): Seventh step: Integration

Finally, it's important to leverage an open platform, which enables you to send cloud alerts to existing solutions and workflows, such as SIEM, automation tools, ticketing systems etc. to ensure existing flows can be leveraged for cloud security monitoring as well.


Related Posts