The National Institute of Standards and Technology Cybersecurity Framework provides guidance on standards, best practices, and recommendations for addressing today’s security and compliance challenges. The combined RedLock and Barracuda offering is an industry-leading solution that addresses today’s public cloud security and compliance challenges and is aligned to the core pillars of the NIST Cybersecurity Framework (NIST CSF), including:
IDENTIFY: RedLock continuously discovers assets and profiles applications to provide comprehensive visibility across cloud environments.
PROTECT: Barracuda’s industry-leading CloudGen WAF and CloudGen Firewall implement safeguards that ensure the protection of cloud resources and web applications.
DETECT: The solution detects a variety of risks including resource misconfigurations, malicious user activities, suspicious network traffic, host vulnerabilities or compromises, and web application security threats.
RESPOND: RedLock helps prioritize the highest risks, enables rapid investigation, and integrates with enterprise incident response tools.
The security of public cloud infrastructure is a shared responsibility between the cloud service provider and the organization. Specifically, organizations are responsible for monitoring resource configurations, user activities, network traffic, host vulnerabilities, and web applications. However, the dynamic nature of the cloud makes this challenging.
While the cloud enables agility by allowing users to create, modify, and destroy resources on-demand, this often occurs without any security oversight. RedLock provides hundreds of out-of-the-box policies for common security and compliance standards such as CIS, PCI, NIST, and HIPAA to monitor public cloud environments. You can rest assured that any misconfigurations of cloud resources such as publicly exposed cloud storage services will be immediately detected and remediated.
In cloud environments, multiple users have privileged access, which enables productivity but creates greater risk of exposure. It is imperative to monitor users across your entire AWS environment for anomalous activities. Unfortunately, the distributed nature of the cloud, consisting of multiple accounts and regions, makes this difficult. The RedLock Cloud 360 platform enables you to detect issues such as account compromises and insider threats in your public cloud environment. For example, a potential access key compromise will be flagged if a user is determined to be using access keys from an unknown location to perform activities that have not been observed in the past.
The absence of a physical network boundary to the internet increases the attack surface in the cloud by orders of magnitude. Monitoring network traffic is necessary for detecting suspicious activity. The Barracuda CloudGen Firewall serves as a single point of entry for ingress and egress traffic. It provides network visibility across your environment and blocks suspicious activities. The RedLock Cloud 360 platform enables you to detect network intrusions. The platform correlates network traffic with data from your public cloud environment and third-party threat intelligence sources to identify threats. For example, an alert will be triggered if an unpatched resource accepts a connection from a suspicious IP address.
As is the case in on-premises environments, unpatched hosts in cloud computing environments are also vulnerable to attack. However, public cloud environments are constantly changing and IP addresses are elastic, which makes traditional approaches to vulnerability management unreliable. The RedLock Cloud 360 platform provides the context that is necessary to identify host vulnerabilities. It correlates security data from your public cloud environment with vulnerability data from third-party tools. This enables you to monitor for vulnerabilities and prioritize remediation for hosts with high-risk scores. For instance, you can monitor your environment to determine if any hosts are impacted by the Spectre and Meltdown vulnerabilities.
The automated provisioning and teardown of applications in public cloud environments is driving the need for automated application security in order to keep pace. The Barracuda CloudGen WAF secures your applications, defends against bots and DDoS attacks, and accelerates application delivery. It also offers built-in security-automation features and leverages configuration automation, which enables security to be integrated directly into the code building process. In addition, you can leverage the Barracuda Vulnerability Manager service on-demand to scan web applications for security risks.