SOC Enablement

Prioritize vulnerabilities, detect threats, investigate current or past incidents, and auto-remediate issues across your entire cloud computing environment.

A Day in the Life of “Jane SecOps” with RedLock

Access key found exposed on GitHub.

A security researcher reports that a sensitive access key to the organization’s production cloud environment was found exposed on GitHub.

Breach investigation is required.

The organization’s CISO asks Jane to investigate whether this has led to a compromise of the cloud environment.

Jane performs investigation using RedLock.

Jane discovers that the access key and secret token were used to log in from an unusual location and perform activities not previously associated with that key.

Reports back to the management team.

Jane downloads a report that lists all anomalous activities associated with the key and shares it with management.

The RedLock Solution

Security operations teams today are being inundated by alerts that provide little context on the issue, which makes it hard to triage issues in a timely manner. Decentralized and rapidly changing cloud environments expand the threat landscape and exacerbate the issue.

Vulnerability Management

Data from existing third-party vulnerability scanning tools, which identify missing patches by IP address, is not actionable, since IP addresses are constantly changing in cloud environments. RedLock correlates vulnerability data with host configurations and network traffic in the cloud to accurately pinpoint the vulnerable host, provide context on its business purpose, and ultimately determine its level of exposure, which helps prioritize patching. For example, if a vulnerable host is identified as a database that is exposed to the internet, it should be prioritized for patching.

Advanced Threat Detection

To truly detect threats in public cloud computing environments, comprehensive visibility is necessary. RedLock takes a new AI-driven approach that correlates disparate security data sets, including network traffic, user activities, risky configurations and threat intelligence. This enables it to detect complex threats and auto-remediate issues quickly. In the example above, if the vulnerable database is receiving traffic from a known malicious IP address, it should be immediately quarantined into a private network.

Cloud Forensics

Investigations are challenging in public cloud computing environments because they are constantly changing. RedLock maintains snapshots of your environment so that you can investigate any current or past incidents. You can run complex queries across your environment in seconds and analyze the results with an interactive risk map. You can also get a detailed incident timeline to trace incidents. For example, you could get a timeline of a user’s activity for the past month to determine if there was any suspicious activity.

Remediation

In the DevOps era, changes occur very rapidly and it is simply impossible to manually triage all issues. It is important not only to identify which risky configuration is present in your environment, but also to determine which developer introduced the issue, and to have the option to automate remediation. RedLock enables you to fully automate security from incident detection to remediation. It also offers you the ability to leverage your existing investments by integrating with a number of third-party orchestration tools. For example, if the platform detects an account hijacking attempt, it can instantly disable the user’s account.

Get Started Today

Learn more about the RedLock Cloud 360 platform or contact us for a free risk assessment of your public cloud infrastructure.
