RedLock Enhances Cloud Security Through Integration with Amazon GuardDutyNovember 29, 2017
RedLock today announced that the RedLock Cloud 360 Platform solution provides immediate integration with Amazon GuardDuty, a new threat detection service announced by Amazon Web Services (AWS) at AWS re:Invent 2017 in Las Vegas, to provide visibility into threats to your AWS resources. RedLock integrates with Amazon GuardDuty to help customers manage security and compliance risks. Amazon GuardDuty findings are ingested by RedLock to provide additional context and centralized visibility into security risks on the cloud, helping customers gain actionable insights, identify cloud threats, reduce risk and remediate issues, without impeding DevOps.
“We are happy to have RedLock Cloud 360 as a launch solution that is integrated with Amazon GuardDuty,” said Rohit Gupta, Global Segment Leader, Security, Amazon Web Services, Inc. “RedLock provides an extra layer of security, risk visibility and monitoring to its customers and the integration with Amazon GuardDuty makes it even easier to deploy and deliver deeper insights into customer infrastructure.”
Amazon GuardDuty integration enhances the following capabilities:
- Policies and Alerting: Policies created based on Amazon GuardDuty findings have been added to the existing RedLock Cloud 360 solution policy set, which includes those enabling organizations to adhere to industry best practices such as CIS, PCI, and NIST. RedLock Cloud 360 automatically monitors the customer’s new and existing cloud workloads and alerts the enterprise when a workload violates a policy. RedLock also enables organizations to drill down further into Amazon GuardDuty findings, which allows customers to perform impact analysis and understand the root cause of an incident, cutting the time needed to resolve issues.
- Network Investigation: RedLock Cloud 360 network investigation capabilities now extend to Amazon GuardDuty network data. The integration allows organizations to easily visualize Amazon GuardDuty findings through a network graph, identify applications running on the workloads, and find additional vulnerabilities based not only on policy settings, but also on external integrations, such as vulnerability scanners. Enterprises now have greater visibility into the security risks associated with their cloud workloads.
- User Behavior Analytics: RedLock Cloud 360 augments Amazon GuardDuty identity and access management findings with its current machine learning algorithm used to detect user account and access key compromises as well as insider threats. The integration enables organizations to identify malicious users on the cloud while also minimizing false positives.
- Risk Scoring: RedLock Cloud 360 incorporates Amazon GuardDuty findings into its advanced risk-scoring algorithm, already used to continuously score every workload across multiple cloud accounts based on risky attributes and behavior. Risk ratings help IT teams prioritize response and report to management and board members.
- Automated Remediation: In addition to allowing organizations to detect and investigate cloud threats, RedLock Cloud 360 is designed to automatically remediate issues. This integration means RedLock Cloud 360 can automatically remediate threats identified by Amazon GuardDuty. For example, RedLock Cloud 360 will terminate a workload that initiated a reconnaissance attack, which will help provide continuous cloud security.
- Enterprise Integration: RedLock Cloud 360 natively integrates with additional enterprise products, such as SIEM, workflow management, vulnerability management and security orchestration tools to aid security operations teams with single-pane-of-glass visibility to investigate, prioritize, and resolve cloud security alerts. These integrations extend to Amazon GuardDuty, allowing organizations to incorporate both RedLock Cloud 360 and Amazon GuardDuty findings and alerts into these enterprise tools.
Read more about the RedLock Cloud 360 integration with Amazon GuardDuty at https://blog.redlock.io/amazon-guardduty-integration, and more about how RedLock enables deeper visibility into AWS security and compliance risks at https://redlock.io/platform/aws-security-and-compliance.