Enterprise adoption of the cloud continues to ramp, with clear signs of acceleration in 2018. At RedLock, we meet daily with executives across different verticals to hear about their migration plans and to advise on their compliance and security strategies in the cloud.
For many architects, security directors and CISOs, the move to the cloud is a mix of something old and something new. There is often a high-level familiarity with overall cloud risks, but there is also a learning curve associated with the new perils that have emerged. Couple that with the cloud’s dynamic nature, where resources are created and retired on a continuous basis, and it becomes easy to understand why traditional, static on-premises security products and services are ill-suited for the cloud.
This is why my cofounder, Gaurav Kumar, and I started RedLock. We believed that many organizations lacked deep visibility into their cloud environments and that a true cloud threat defense offering required a completely fresh approach. And thus, the RedLock Cloud 360 Platform was conceived using an AI-driven approach to correlate disparate data sets across large, distributed environments, providing a unified view of security and compliance risks.
Enterprises around the world are adopting Google Cloud Platform for their cloud migration, and RedLock understands that security and compliance remain a serious concern. Today, I’m excited to announce that RedLock is furthering its technology partnership with Google as a launch partner for its Cloud Security Command Center for Google Cloud Platform. This integration provides customers with centralized visibility into security and compliance risks, and greater context for alerting and actionable remediation in Google Cloud. As part of the integration, RedLock continuously monitors environments and sends alerts pertaining to resource misconfigurations, compliance violations, network security risks and anomalous user activities to Cloud Security Command Center.
"Now more than ever, the cloud is where an increasing number of enterprises are turning to protect their data and stay secure," said Andy Chang, Senior Product Manager, Google Cloud. "With Cloud Security Command Center, we are helping security teams gather data, identify threats, and quickly act on application and data risks. By working with industry leaders like RedLock, we are giving our customers the capabilities they need to keep up with today’s ever evolving security challenges."
Detecting Security and Compliance Risks
RedLock alerts Google Cloud customers on key security and compliance issues via the Cloud Security Command Center. Let’s look in detail at three scenarios that enterprises commonly encounter:
- What is my Google Cloud environment’s compliance posture against industry standards such as CIS, NIST, SOC 2, and PCI?
While the cloud enables agility by allowing users to create, modify, and retire resources on-demand, this often occurs without any oversight. How can you be assured that your cloud environments are not exposed due to risky configurations? How can you determine if your cloud resource configurations are compliant? And how do you prove your cloud environment compliance status to your auditors?
RedLock provides pre-packaged policies for common compliance standards such as CIS, NIST, PCI, and HIPAA to monitor Google Cloud environments. Any misconfiguration of Google Cloud resources such as Google Compute Engine, Google Cloud Storage, and Cloud Datastore will be immediately detected and raise alerts. In addition, RedLock provides compliance reports as a standard feature.
RedLock Compliance Report
- Have there been any account compromises in my environment?
In cloud environments, multiple users have privileged access, which enables productivity but creates a greater risk of exposure. It is imperative to monitor users across your entire Google Cloud environment for anomalous activities. Unfortunately, the distributed nature of the cloud, consisting of multiple accounts and regions, makes this difficult.
The RedLock Cloud 360 platform develops a baseline of normal user activity. It consumes logs from across your entire Google Cloud environment. Any unusual activities trigger alerts and can be investigated with easy-to-use forensics tools in the RedLock platform, enabling you to detect account compromises and insider threats.
RedLock Suspicious User Activity Detection
- Has any nefarious network activity such as cryptojacking been detected in my environment?
Cryptojacking, the practice of stealing compute resources to mine cryptocurrency, has been highlighted in a number of recent news stories. The most prominent incident is the Tesla attack, where hackers were performing crypto mining from one of Tesla’s Kubernetes pods. The RedLock Cloud 360 platform can detect cryptojacking in real time (see screenshot below), as well as host-level compromises such as hosts acting as spam bots, or hosts exhibiting unusual patterns of behavior.
RedLock Cryptojacking Detection
The RedLock Cloud 360 Platform can answer literally hundreds of other compliance and security-related questions to keep your environment safe. The examples above are representative of the scale and scope of RedLock’s capabilities. Here are some other common questions most organizations want answered:
- How many and what types of resources/applications are running in my environment?
- Are there misconfigurations, such as firewall rules that allow internet traffic on privileged ports?
- Are privileged users performing any sensitive activities?
- Which database servers have received traffic directly from the internet?
Optimizing Security and Compliance Decisions
Every day, we see how enterprises are adopting Google Cloud for their migration to the cloud, and we also understand that security and compliance remain serious concerns. RedLock is privileged to join Google in extending security and ensuring greater compliance in every Google Cloud environment. Our goal is to stay on the leading edge of cloud threat defense, and we will continue to develop and deploy solutions that help our customers realize the benefits of cloud computing.