One attribute that uniquely sets the RedLock Cloud 360™ platform apart from other solutions is the ability to ingest data from multiple, disparate sources to provide a unified view of risks across AWS and other public cloud computing environments. Our supported data sets include information on network traffic, user activity, risky configurations, and threat intelligence.
Today, I am very excited to share the news that RedLock has added host vulnerability insights via our technology partnership and integration with Tenable (tenable.io). By combining RedLock’s cloud threat defense platform with Tenable’s leadership in Cyber Exposure, our teams and technologies are uniquely positioned to create the most comprehensive security solution with global presence for public cloud computing.
The RedLock-Tenable integration enables the correlation of data using Artificial Intelligence (AI) to analyze massive data volumes, bring critical information to the surface, and profile the roles and behavior of each cloud resource. It will also help remediate the risks for each cloud resource based on the severity of business risks, policy violations, and anomalous behavior, reducing the opportunities for malicious actors to cause damage.
Vulnerability management at scale is extremely complex in the cloud, where workloads may be created and retired in a matter of hours. In this dynamic environment, it is hard to pinpoint specific, questionable cloud resources, or to understand the real exploitability and risks associated with them. Traditional vulnerability scanning tools were not designed for this, and fall short of delivering actionable results to users.
Which is exactly why our integration with Tenable.io is so powerful!
Overlaying vulnerability data on the other data sets the platform collects delivers a consolidated, easy-to-use solution that alerts on known vulnerabilities and answers questions such as:
- Are any of my workloads impacted by the Spectre or Meltdown vulnerabilities?
- Which vulnerable workloads have we detected in our cloud environment in the last 7 days (or any customizable date range)?
- Which web server workloads have known CVEs?
- Which vulnerable database servers have received traffic directly from the Internet (if any)?
- Which vulnerable host has generated AWS GuardDuty alerts within the last 2 weeks?
The RedLock-Tenable integration is easy to set up in the RedLock 360 platform. The following screenshots step you through the initial setup, and then a visualization and drill-down on a query.
Once the integration is enabled, vulnerabilities from one or more hosts can be queried using RQL (RedLock Query Language).
Additional drilldowns are available on any object. In this example, we are able to view which vulnerabilities have been detected and associated with a particular host.
RedLock’s integration with Tenable.io will let customers optimize security and compliance decisions and remediate risks faster, minimizing the window of opportunity for malicious actors. If you would like to learn more, please reach out to RedLock, and we can provide additional information.