"I have frankly been blown away by RedLock Cloud 360’s forensics capabilities - my team can go back to any point in time and investigate an issue within minutes."
Fortune 1000 organization that makes software for the architecture, engineering, construction, manufacturing, media, and entertainment industries
Each line of business manages its own AWS account and applications; 10,000+ workloads across 100 AWS accounts
The security team was unable to parse through volumes of data and investigate issues
The organization gained visibility and control over risks across its massive AWS footprint, enabling it to confidently accelerate digital business
The Fortune 1000 software provider is a multinational corporation that provides solutions to enable designing, drafting, and modeling of buildings. It employs 10,000 people across the globe and has multiple lines of business that independently manage their software development operations.
In recent years, the company successfully moved from selling software to a cloud-based business model, which doubled its stock price. It uses Amazon Web Services (AWS) for software development and delivery, but each line of business manages its own AWS accounts. The result is that the organization has more than 10,000 workloads across 100 AWS accounts.
The massive AWS footprint made it very challenging for the security team to investigate issues. They considered building a custom solution using Splunk, but it was cost-prohibitive to ingest all the necessary data from their AWS environment. Moreover, the dynamic nature of cloud environments made investigations challenging. For example, cloud workloads can be ephemeral, so offending workloads may have already been terminated, which makes it difficult to trace an issue after the fact.
The RedLock Cloud 360™ platform was implemented in minutes by enabling API access to all 100 AWS accounts. It immediately began aggregating and correlating massive volumes of configuration, user activity, network traffic, and threat intelligence data to assess risk across the organization’s 10,000+ workloads. With the RedLock Cloud 360 platform, the security team is able to achieve several important goals:
The RedLock Cloud 360 platform enables the security team to investigate issues across all 100 AWS accounts from a single pane of glass. They can go back to any point in time and play back the state of their environment to trace an issue. Upstream and downstream impact analysis can be easily performed by drilling down on the platform’s interactive map.
The RedLock Cloud 360 platform’s patent-pending risk scoring methodology computes risk scores for every workload and aggregates the scores across different lines of business as well as across the entire environment. This enables the security team to benchmark and compare the risk posture across the different business units. In addition, the security team can report on the security and compliance posture of the AWS environment to its management team and board of directors.
The security team has created policy guardrails that encode its established security policies. The RedLock Cloud 360 platform monitors for violations of these policies and instantly alerts the security team. The alerts provide context on the issue, which enables the team to approach the DevOps team to quickly resolve it. The platform not only monitors existing workloads but also immediately starts monitoring new workloads that are dynamically created.