1. RedLock discovers the new resource and determines that it has been left open to the internet. By itself, this is not necessarily an issue.
2. RedLock discovers that the open security group is associated with a cloud virtual machine that is running MongoDB, which is a bad practice.
3. RedLock determines that the database is receiving traffic from the internet, which indicates a potential problem.
4. RedLock analyzes the traffic and finds that it originates from a known malicious IP address.
5. RedLock automatically remediates the issue by moving the database from the public security group to a private one.
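The detection chain above, as an added example that is not RedLock's own code: a simplified evaluator that walks the same steps over constructed sample data, escalating severity at each step and producing a remediation action only when the whole chain matches. The security group, instance, flow-log records, threat list and the private group `sg-private0` are all assumed values shaped loosely like EC2 security groups and VPC flow logs.

```python
from ipaddress import ip_network

DB_PORTS = {27017: "MongoDB"}  # database ports treated as sensitive

# Constructed sample inputs (not real infrastructure).
SECURITY_GROUP = {"id": "sg-0123abcd", "ingress": [{"port": 27017, "cidr": "0.0.0.0/0"}]}
INSTANCE = {"id": "i-0abc1234", "sg": "sg-0123abcd", "listening": [27017]}
FLOW_LOGS = [("203.0.113.9", 27017, "ACCEPT"), ("198.51.100.4", 27017, "ACCEPT")]
MALICIOUS_IPS = {"203.0.113.9"}  # constructed threat-intel list
PRIVATE_SG = "sg-private0"  # hypothetical hardened group used for remediation


def internet_open_rules(sg):
    """Step 1: ingress rules whose source CIDR is the whole internet."""
    return [r for r in sg["ingress"] if ip_network(r["cidr"]).prefixlen == 0]


def assess(sg, instance, flow_logs, malicious_ips):
    """Walk the chain and return (severity, findings, remediation or None)."""
    findings = []
    open_rules = internet_open_rules(sg)
    if not open_rules:
        return "none", findings, None
    findings.append(f"{sg['id']} is open to the internet")  # alone, not necessarily an issue
    if instance["sg"] != sg["id"]:
        return "low", findings, None
    # Step 2: is a database actually listening behind the open group?
    exposed = [r["port"] for r in open_rules
               if r["port"] in DB_PORTS and r["port"] in instance["listening"]]
    if not exposed:
        return "low", findings, None
    findings.append(f"{instance['id']} runs {DB_PORTS[exposed[0]]} behind the open group")
    # Step 3: is the database receiving accepted inbound traffic on that port?
    inbound = [(src, port) for src, port, action in flow_logs
               if action == "ACCEPT" and port in exposed]
    if not inbound:
        return "medium", findings, None
    findings.append(f"database received {len(inbound)} inbound internet connections")
    # Step 4: does any of that traffic come from a known malicious source?
    bad = sorted({src for src, _ in inbound if src in malicious_ips})
    if not bad:
        return "high", findings, None
    findings.append(f"traffic from known malicious source(s): {', '.join(bad)}")
    # Step 5: proposed remediation, moving the instance to the private group.
    return "critical", findings, {"instance": instance["id"], "from_sg": sg["id"], "to_sg": PRIVATE_SG}


def apply_remediation(instance, remediation):
    """Return a copy of the instance record with the security group swapped."""
    return {**instance, "sg": remediation["to_sg"]}
```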
Ensuring that your organization adheres to your “gold standard” security policies is imperative for managing risks. Unfortunately, security governance is challenging in dynamic public cloud computing environments due to the lack of visibility and control over changes. Successful security governance requires answers to a few key questions to ascertain that your carefully drafted security architecture requirements are being enforced in the cloud.
The first step in security governance involves having visibility into the types of resources in your environment. RedLock uses AI to profile application behavior and identify the role of each cloud resource. This enables you to create relevant policies for each type of resource. For example, just knowing that you have 5000 cloud virtual machines running is not enough, because the policies for web servers will drastically vary from those for databases.
It is important to establish policy guardrails to enable continuous integration and continuous deployment (CI/CD) while ensuring that your organization’s security architecture requirements are continuously verified. RedLock provides hundreds of policies that reflect established security best practices, and also enables you to create custom policies. It continuously assesses these policies across configurations, networks, users, hosts, and applications. For example, you could monitor your environment for publicly exposed Amazon S3 or EBS volumes.
Effective governance requires accountability, which means identifying the user who caused the violation. RedLock can immediately identify the user who introduced a risky configuration, enabling rapid remediation. For example, if a new Amazon security group is created and left open to the internet, you can pinpoint the user who created the group and determine whether this was done in error.
When an incident occurs, it must be swiftly remediated to reduce the window of opportunity for malicious actors. Instead of generic alerts, RedLock provides context on the issue and a risk score attributed to each resource, which helps prioritize and automatically remediate it. This self-healing ability enables you to continuously maintain your organization’s “gold standard” security posture.