Network Security

Detect risks such as network intrusions, cryptojacking, and insider threats across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud environments

Traditional Approaches Don’t Align with Modern Cloud Architectures

The virtual perimeter in public cloud environments is more vulnerable to attacks than a physical perimeter in on-premise environments. Organizations need to vigilantly monitor network traffic in the cloud and detect suspicious activity. However, network security in public cloud environments requires a different approach for several reasons:

Performance & Scale Implication

Inline network security solutions can negatively impact important cloud architecture benefits such as bursting and auto-scaling. An out-of-band approach is necessary.

Blind Spots

Traditional network monitoring tools create security blind spots in the cloud because they cannot be deployed to monitor traffic to API-driven services or to monitor east-west traffic at scale. An out-of-band approach is necessary.

Privileged Users

While the cloud enables agility by allowing users to create and modify resources on-demand, this often occurs without any IT or security oversight. As a result, a simple network misconfiguration can expose sensitive applications to the internet.

Alert Fatigue

Alerts based solely on network configuration changes could inundate security teams with false positives if the changes were deliberate. As a result, configurations must be continuously correlated with network traffic and other threat intelligence sources to truly assess risk.

RedLock Enables Network Security

The RedLock Cloud 360™ platform monitors north-south as well as east-west traffic. This enables it to detect risks such as network intrusions, cryptojacking, and insider threats.

Network Configuration Monitoring

The RedLock Cloud 360 platform provides out-of-the-box network policies that reflect established security best practices. It continuously assesses the policies and triggers alerts if violations are detected. For example, the platform can identify sensitive resources and trigger an alert if it detects direct traffic to them from the internet.

North-South Threat Detection

The platform monitors north-south traffic for ingress threats such as network intrusions, reconnaissance attacks, cryptojacking incidents, and data exfiltration. It accomplishes this by ingesting network flow logs from your public cloud environment. However, this alone is not sufficient for accurately detecting suspicious activity. For example, knowing that a resource is receiving network traffic from the internet is not very meaningful. Instead, the platform uses AI to correlate the netflow logs with data from your public cloud environment and third-party threat intelligence sources to identify suspicious activity. In the earlier example, a more meaningful alert would be if the identified resource is an unpatched MongoDB instance that is accepting a connection from a suspicious IP address.
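The correlation described above can be sketched as a simple rule-based join. This is an added example, not RedLock code and not the platform's AI. The flow records (AWS VPC flow log default format), the inventory, the VPC range and the threat-intel set are all constructed for illustration.

```python
import ipaddress

# Constructed sample records in the AWS VPC flow log default (version 2) format:
# version account eni srcaddr dstaddr srcport dstport proto pkts bytes start end action status
FLOW_LOGS = """\
2 123456789012 eni-0a1 203.0.113.50 10.0.1.20 44321 27017 6 12 3400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 198.51.100.7 10.0.1.20 51515 27017 6 8 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0b2 203.0.113.50 10.0.2.30 40000 443 6 5 600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 203.0.113.50 10.0.1.20 44400 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1 10.0.2.30 10.0.1.20 39000 27017 6 20 5000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0c3 - - - - - - - 1700000000 1700000060 - NODATA
"""
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # assumed VPC address space
# Hypothetical resource inventory keyed by private IP (e.g. built from cloud API data).
INVENTORY = {
    "10.0.1.20": {"name": "orders-db", "service": "mongodb", "patched": False},
    "10.0.2.30": {"name": "web-1", "service": "nginx", "patched": True},
}
THREAT_INTEL = {"203.0.113.50"}  # constructed suspicious-IP feed

def parse(line):
    """Return the fields we need, or None for NODATA/SKIPDATA/malformed records."""
    f = line.split()
    if len(f) != 14 or f[13] != "OK":
        return None
    return {"src": f[3], "dst": f[4], "dstport": int(f[6]), "action": f[12]}

def correlate(log_text):
    """Return (count of accepted internet-sourced flows, correlated alerts)."""
    internet_flows, alerts = 0, []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue
        resource = INVENTORY.get(rec["dst"])
        if resource is None or ipaddress.ip_address(rec["src"]) in VPC_CIDR:
            continue  # not an inbound flow from outside the VPC to a known resource
        internet_flows += 1  # the low-signal event: "traffic from the internet"
        # Alert only when flow, threat intel and resource posture all agree.
        if rec["src"] in THREAT_INTEL and not resource["patched"]:
            alerts.append((resource["name"], resource["service"], rec["src"], rec["dstport"]))
    return internet_flows, alerts

if __name__ == "__main__":
    flows, alerts = correlate(FLOW_LOGS)
    print(f"{flows} internet-sourced flows, {len(alerts)} correlated alert(s): {alerts}")
```

On the sample data, three accepted flows arrive from outside the VPC, but only the one that reaches the unpatched MongoDB instance from the listed address becomes an alert.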

East-West Threat Detection

As organizations move towards microservices, it becomes imperative to monitor east-west traffic as well. The ingestion of netflow logs provides the RedLock Cloud 360 platform with visibility into this traffic. Correlating this with data from your public cloud environment and third-party threat intelligence sources enables the platform to identify malware-infected instances, lateral movement, and other types of Advanced Persistent Threats (APTs).

Network Threat Investigation

The platform’s graph analytics enables quick investigations of threats and analysis of downstream impact by simply drilling down on a resource. It also provides you with an audit trail to view time-serialized activity for any given resource. This allows you to review the history of changes for a resource and better understand the root cause of an incident, past or present.
