Detect malicious activities across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud environments
Recent breaches have illustrated the damaging consequences of compromised access credentials. As a result, it is imperative to monitor users across your entire public cloud environment for suspicious activities. Unfortunately, the following pose challenges:
Multiple users have privileged access to public cloud environments, which enables productivity but creates a greater risk of exposure. The environment must be monitored for sensitive user activities.
The fragmented nature of public cloud environments, with users scattered across multiple accounts and regions, leads to decentralized visibility. User behavior and activities must be correlated across the entire environment to detect risk patterns.
The RedLock Cloud 360™ platform employs AI to detect anomalous user behavior and sensitive user activities. This enables you to detect risks such as account compromises and insider threats.
The RedLock Cloud 360 platform uses AI to establish behavior baselines for each user and entity in your public cloud environment and flags deviations. For example, a potential access key compromise will be flagged if a user is determined to be using access keys from an unknown location to perform activities that have not been observed in the past. In addition, you can customize alert thresholds based on your organization’s risk tolerance.
The platform provides predefined policies that monitor for sensitive activities such as root user activity, security group changes, and IAM configuration updates. It continuously assesses these policies across users in multiple cloud accounts, regions, and even cloud service providers.
The RedLock Cloud 360 platform provides you with a time-serialized activity view for any given resource, enabling you to quickly identify the responsible user. For example, if a database gets associated with an open security group that then allows malicious traffic to the instance, the audit trail will reveal the user and configuration change that led to the issue.