Cloud security startup RedLock comes out of stealth mode today with a service that helps defend business resources that reside in public clouds, gives customers visibility into how these resources are being used and stores records of that activity for auditing and forensics.
Because virtual machines, application instances and workloads change rapidly, it’s hard to get a good picture of what’s going on within cloud services such as Amazon Web Services and Microsoft Azure, says RedLock’s CEO Varun Badhwar. “It’s hard to manually monitor and control,” he says.
To address those issues, the service, called Cloud 360, checks whether customers’ public cloud instances meet security standards and sends alerts about threat exposures. So, for example, if a developer spins up a cloud virtual machine that doesn’t meet security best practices, the platform will send a notification to the security team so the problem can be addressed.
The company’s Cloud 360 service taps into cloud providers’ APIs for read-only access to customers’ network traffic, user activity and configuration of systems and services. The service does not have access to the content of customers’ data. This method of tapping data means the service requires no agents, which pose an obstacle to some security teams.
The data gleaned through the APIs is digested along with outside feeds of threat intelligence to create a risk map that shows what’s deployed, security configurations and active threats that might be carried out.
Customers can see such risks as whether any databases are exposed to the internet, Badhwar says. Using machine-based anomaly detection, the platform can set up policy-based monitoring. That establishes ideal parameters for deployment and use of cloud resources and notifies customers when actual deployments step outside them.
The service records and retains customer cloud activity that can be used later for forensics when investigating security incidents or to show auditors that during a given time period, cloud use met security requirements.
The company has a Cloud Security Intelligence unit that examines public databases about cloud providers’ networks and looks for cases when actual customer data might be exposed or exploited. Badhwar says the company has found such cases and reported them to cloud providers for remediation.
Cloud 360 detects workloads automatically and finds anomalies that might indicate malicious activity. The service provides a dashboard where customers can query the environment for such things as what developers are using it for, what databases are present and what authentication services are in use.
David Tsao is global information security officer at Veeva Systems, a RedLock customer that provides cloud-based software to the life sciences industry, such as pharmaceutical and biotech firms. He says the RedLock platform provides analysis of the company’s flow logs that makes it easier to sort good and bad traffic. So it would flag when servers connect to suspect IP addresses, for instance.