Comprehensive visibility into assets is a cloud computing security challenge across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) environments.
You can’t secure what you can’t see. Visibility into public cloud environments - the ability to view and manage assets that live in someone else’s physical space - is critical, and is hard to come by natively. Organizations migrating to the cloud are often very surprised at the lack of cloud computing security and compliance visibility they have, especially when compared to their traditional on-premise world. It’s also a wake-up call for those companies born in the cloud.
The Asset Inventory Challenge
RedLock recognized that lack of visibility into cloud computing environments was a common, ubiquitous problem. With organizations embracing public cloud computing at a blistering pace, security teams often struggle to keep track of assets and accurately identify risks in these dynamic environments. Challenges exist for accurately inventorying assets in public cloud environments, including:
- Ephemeral Resources: The ever-changing nature of cloud resources makes it challenging to keep track of assets. RedLock’s own research shows the average lifespan of a cloud resource is 2 hours and 7 minutes. As such, assets must be automatically detected as soon as they are created, and all changes tracked until they are destroyed. This historical information becomes necessary for supporting audits and investigations.
- Fragmented Environments: Many organizations have fragmented cloud environments that consist of multiple cloud accounts, multiple regions, and multiple cloud service providers. This leads to siloed visibility into assets. Central visibility of all assets across your entire environment is necessary to effectively address risks.
- Ineffective Tagging: The ease of creating, modifying, and scaling cloud resources by privileged users without oversight often leads to poor tagging practices. As a result, security teams cannot rely on tags to accurately identify assets and applications. Assets and applications must be automatically identified using AI to correlate configurations with network activity.
RedLock Solves the Asset Inventory Problem
To effectively solve the aforementioned, RedLock analyzed the issues, dependencies and implications of moving to the cloud in the context of managing a cloud asset inventory. The RedLock Cloud 360TM platform applies AI to continuously correlate disparate data sets including resource configurations, user activities, network traffic, host vulnerabilities/activities, and threat intelligence. As a result, the platform essentially creates a configuration management database (CMDB) for your public cloud assets. This context enables RedLock to identify the types of resources and applications across your entire environment, providing comprehensive visibility for:
- Asset Identification: The RedLock Cloud 360 automatically discovers cloud resources as soon as they are created or terminated. This provides you with visibility into the volume and types of resources (virtual machines, load balancers, security groups, users, etc) across multiple cloud accounts and regions in a single pane of glass. Having an understanding of your environment enables you to implement more granular policies and reduce risk.
- Application Profiling: The platform profiles instances to identify the specific applications runnings on the instance, so that you can more accurately assess risk. For example, it can discover when a virtual machine is instantiated and identify that it is a database running MongoDB software. In the event that a new MongoDB vulnerability is identified, all instances can be immediately located and patched.
- Historical Change Tracking: The platform not only identifies assets at any given point in time, but also maintains a complete historical change log for all assets. It’s like having a DVR recording of all changes and activities across all your public cloud environments. This is particularly valuable in public cloud environments since they are constantly changing.
- User Attribution: Knowing what changed is a good start, but what makes this information extremely valuable and actionable is when you’re able to correlate that information with user activity logs to identify the developer who made the specific changes. This enables you to better understand the root cause of an incident and respond quickly.
Want to Learn More?
Learn how to inventory assets across your environment to obtain visibility, enforce granular policies, and identify risks.