Detect host vulnerabilities and compromises across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud environments
Hosts in public cloud environments are just as vulnerable to attack as those in on-premises environments, and the impact can be devastating. It is imperative for organizations to keep up with host vulnerability management as well as to monitor hosts for signs of compromise. However, there are several challenges in achieving this:
Standalone vulnerability management tools perform periodic scans of an environment to identify hosts with missing patches based on IP addresses. However, public cloud environments are constantly changing and IP addresses are elastic, which makes the results unreliable. Data from existing vulnerability management tools must be combined with real-time context on your environment to be effective.
Host activity data by itself does not provide the full context required to assess the severity of a threat since cloud environments are constantly changing. It must correlate with other data from the cloud environment and threat intelligence sources to assess true risk.
The RedLock Cloud 360™ platform provides the necessary context on risks by using AI to correlate host activity and host vulnerability data with resource configurations, user activities, network traffic, and threat intelligence. This enables it to further refine risk models and to surface, investigate, and respond to threats in your public cloud environment.
The RedLock Cloud 360 platform provides the context that is necessary to be able to identify risks such as host vulnerabilities. It correlates security data from your public cloud environment with vulnerability data from best-of-breed third party tools. This enables you to monitor for vulnerabilities and prioritize remediation for resources with high risk scores. You can also search for vulnerabilities across your entire environment in minutes based on severity, CVE IDs (Common Vulnerabilities and Exposures), and other attributes. For instance, you can run a query in a matter of minutes to determine if any hosts running sensitive applications in your environment are impacted by the Spectre and Meltdown vulnerabilities.
The platform ingests host data such as Amazon GuardDuty findings to enrich existing risk models. This refines your ability to surface, investigate, and respond to threats in your public cloud environment. For example, the platform identifies a database that is exposed to the internet and receiving traffic from suspicious IPs. Separately, the host data reveals port scan and SSH brute force attempts against this database. Correlating these insights suggests that this is a high-severity threat that merits immediate action.
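The correlation described in the database example above, as an added illustration that is not RedLock's own code: resource exposure, flow-log traffic matched against a threat-intel list, and GuardDuty host findings each add to a risk score so that corroborating signals raise severity. The two finding type names are real GuardDuty types; the weights, thresholds, and all sample data are constructed assumptions.

```python
"""Correlate host findings with resource and network context to score a threat.
All inputs below are constructed sample data, not from a real environment."""
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed threat-intel feed: IPs flagged as suspicious.
THREAT_INTEL = {"198.51.100.7", "203.0.113.42"}

# GuardDuty finding types that indicate hostile activity against a host,
# with assumed weights (brute force is weighted higher than a scan).
HOST_ATTACK_FINDINGS = {
    "Recon:EC2/Portscan": 1,
    "UnauthorizedAccess:EC2/SSHBruteForce": 2,
}

@dataclass
class Resource:
    resource_id: str
    internet_exposed: bool          # from resource config, e.g. SG open to 0.0.0.0/0
    sensitive: bool                 # from tags: holds sensitive data
    inbound_ips: set[str] = field(default_factory=set)   # from flow logs
    findings: list[str] = field(default_factory=list)    # GuardDuty finding types

def score_resource(r: Resource) -> tuple[int, str, list[str]]:
    """Return (score, severity, reasons). The score is additive so that each
    corroborating signal raises severity; the thresholds are assumptions."""
    reasons: list[str] = []
    score = 0
    if r.internet_exposed:
        score += 2
        reasons.append("exposed to internet")
    ti_hits = r.inbound_ips & THREAT_INTEL
    if ti_hits:
        score += 2
        reasons.append(f"traffic from suspicious IPs {sorted(ti_hits)}")
    for finding in r.findings:
        weight = HOST_ATTACK_FINDINGS.get(finding)
        if weight:
            score += weight
            reasons.append(f"host finding {finding}")
    # A sensitive workload only matters once some other signal is present.
    if r.sensitive and score:
        score += 1
        reasons.append("sensitive workload")
    severity = "high" if score >= 6 else "medium" if score >= 3 else "low"
    return score, severity, reasons
```

A port scan against an internal, unexposed host scores low on its own, while the same finding against an exposed database already receiving threat-intel traffic is what pushes it to high.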