Cloud security startup RedLock comes out of stealth mode today with a service that helps defend business resources that reside in public clouds, gives customers visibility into how those resources are being used and stores records of that activity for auditing and forensics.
Because virtual machines, application instances and workloads change rapidly, it’s hard to get a good picture of what’s going on within cloud services such as Amazon Web Services and Microsoft Azure, says RedLock’s CEO Varun Badwhar. “It’s hard to manually monitor and control,” he says.
To address those issues the service, called Cloud 360, checks customers’ public cloud instances for whether they meet security standards and sends alerts about threat exposures. So, for example, if a developer spins up a cloud virtual machine that doesn’t meet security best practices, the platform will send notification to the security team so the problem can be addressed.
The company’s Cloud 360 service taps into cloud providers’ APIs for read-only access to customers’ network traffic records, user activity and the configuration of systems and services. The service does not have access to the content of customers’ data. Because the data is pulled through the provider APIs, the service requires no agents on the monitored workloads, a requirement that is an obstacle for some security teams.
The data gleaned through the APIs is digested along with outside feeds of threat intelligence to create a risk map that shows what’s deployed, how it is configured for security and which threats are active or could be carried out against it.
Customers can see such risks as whether any databases are exposed to the internet, Badwhar says. Using machine-based anomaly detection, the platform can also set up policy-based monitoring: it establishes a baseline of expected parameters for how cloud resources are deployed and used, and notifies when actual deployments step outside them.
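The exposed-database check described above, as an added example that is not RedLock’s code: it walks security-group rules and reports any well-known database port that is reachable from outside private address space. The input is a constructed list shaped like the `SecurityGroups` entries returned by AWS’s `describe-security-groups`; the list of database ports is an assumption chosen for the example, and pulling the rules through the provider API is assumed rather than performed.

```python
"""Added example (not RedLock's code): find database ports reachable from the
internet in security-group descriptions.  SAMPLE_GROUPS is a constructed
input shaped like the entries AWS returns from describe-security-groups."""
import ipaddress

# Common database listeners; the mapping is an assumption for this example.
DB_PORTS = {
    1433: "mssql",
    3306: "mysql",
    5432: "postgres",
    6379: "redis",
    27017: "mongodb",
}

# Constructed sample: one group that is fine, one that exposes Postgres
# to IPv4 and every port to IPv6.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-aaaa0001",
        "GroupName": "app-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-aaaa0002",
        "GroupName": "db-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1",
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]


def is_public_cidr(cidr):
    """True when the CIDR admits sources outside private/loopback/link-local space."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:          # 0.0.0.0/0 or ::/0: the whole internet
        return True
    return not (net.is_private or net.is_loopback or net.is_link_local)


def port_range(perm):
    """(low, high) covered by a TCP permission; protocol -1 means every port.

    Returns None for non-TCP rules, which this check does not assess."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return 0, 65535
    if proto not in ("tcp", "6"):
        return None
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def exposed_databases(groups):
    """Return sorted (group_id, port, service, cidr) tuples for every
    database port that a public CIDR is allowed to reach."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            rng = port_range(perm)
            if rng is None:
                continue
            low, high = rng
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not is_public_cidr(cidr):
                    continue
                for port, service in DB_PORTS.items():
                    if low <= port <= high:
                        findings.append((group["GroupId"], port, service, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for group_id, port, service, cidr in exposed_databases(SAMPLE_GROUPS):
        print(f"{group_id}: {service} ({port}/tcp) open to {cidr}")
```

The private-range test is deliberately coarse: a rule that admits a whole public /8 is just as much a finding as `0.0.0.0/0`, and the `-1` protocol rule shows why a check must look at the protocol field before trusting the port bounds.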
The service records and retains customer cloud activity that can be used later for forensics when investigating security incidents or to show auditors that during a given time period, cloud use met security requirements.
The company has a Cloud Security Intelligence unit that examines publicly reachable databases on cloud providers’ networks and looks for cases where actual customer data might be exposed or exploited. Badwhar says the company has found such cases and reported them to the cloud providers for remediation.
Cloud 360 detects workloads automatically and finds anomalies that might indicate malicious activity. The service provides a dashboard where customers can query the environment for such things as what developers are using it for, what databases are present and what authentication services are in use.
David Tsao is global information security officer at Veeva Systems, a RedLock customer that provides cloud-based software to the life sciences industry, such as pharmaceutical and biotech firms. He says the RedLock platform provides analysis of the company’s flow logs that makes it easier to sort good and bad traffic. So it would flag when servers connect to suspect IP addresses, for instance.
Veeva has been using Cloud 360 for about two months; before that it used Amazon Trusted Advisor along with Scout open-source monitoring software, which gives a snapshot of configurations but no traffic information, Tsao says. “It was a very manual and painful process,” he says.
He says RedLock provides visibility into network traffic across multiple cloud providers and doesn’t require deploying agents to the servers being monitored. It helps with compliance with security standards by alerting to violations, which are forwarded to the individuals who made the offending changes.
He says when the platform was demonstrated to the Veeva development and technical operations teams it found one of the company’s servers being probed by another server – something that shouldn’t have been happening. Cloud 360 provided details about why the probing was going on in about 15 seconds, something that would have taken several minutes otherwise. So he says the platform helps the teams be more efficient.
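The two flow-log checks Tsao describes, connections to suspect addresses and one server probing another, as an added example that is neither RedLock’s nor Veeva’s code. The log lines and the suspect-IP feed are constructed for the example; the field layout follows the default 14-field AWS VPC flow log record, and the port-count threshold used to call something a probe is an assumption.

```python
"""Added example (not RedLock's or Veeva's code): two detections over VPC
flow log records.  SAMPLE_LOG and SUSPECT_IPS are constructed inputs; the
record layout is the default AWS VPC flow log format."""
from collections import defaultdict

# Constructed threat-intelligence feed: addresses a workload should never reach.
SUSPECT_IPS = {"198.51.100.23", "203.0.113.77"}

# Default flow log field order.
FIELDS = ("version account interface srcaddr dstaddr srcport dstport protocol "
          "packets bytes start end action status").split()

# Constructed flow log lines: normal HTTPS, two flows to suspect addresses,
# one NODATA record (no traffic, dashes in the traffic fields), and one
# internal host touching seven ports on another internal host.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 51234 443 6 12 3400 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 198.51.100.23 51235 443 6 3 180 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 203.0.113.77 51236 80 6 2 120 1500000000 1500000060 REJECT OK
2 123456789012 eni-0c9d8e7f - - - - - - - 1500000000 1500000060 - NODATA
2 123456789012 eni-0e5f6a7b 10.0.3.30 10.0.2.20 40001 21 6 1 60 1500000100 1500000160 REJECT OK
2 123456789012 eni-0e5f6a7b 10.0.3.30 10.0.2.20 40002 22 6 1 60 1500000100 1500000160 ACCEPT OK
2 123456789012 eni-0e5f6a7b 10.0.3.30 10.0.2.20 40003 23 6 1 60 1500000100 1500000160 REJECT OK
2 123456789012 eni-0e5f6a7b 10.0.3.30 10.0.2.20 40004 25 6 1 60 1500000100 1500000160 REJECT OK
2 123456789012 eni-0e5f6a7b 10.0.3.30 10.0.2.20 40005 80 6 1 60 1500000100 1500000160 REJECT OK
2 123456789012 eni-0e5f6a7b 10.0.3.30 10.0.2.20 40006 135 6 1 60 1500000100 1500000160 REJECT OK
2 123456789012 eni-0e5f6a7b 10.0.3.30 10.0.2.20 40007 445 6 1 60 1500000100 1500000160 REJECT OK
"""


def _num(value):
    """Numeric fields are '-' on NODATA/SKIPDATA records; treat those as 0."""
    return 0 if value == "-" else int(value)


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = _num(rec[key])
        records.append(rec)
    return records


def suspect_connections(records, suspect_ips):
    """Flows whose destination is on the suspect list.  Rejected attempts are
    reported too: a workload trying to reach a bad address is the signal."""
    return [(r["srcaddr"], r["dstaddr"], r["dstport"], r["action"])
            for r in records if r["dstaddr"] in suspect_ips]


def probing_pairs(records, min_ports=5):
    """(src, dst, distinct_ports) for pairs where one host touched at least
    min_ports different destination ports; the threshold is an assumption."""
    ports = defaultdict(set)
    for r in records:
        if r["status"] != "OK":
            continue
        ports[(r["srcaddr"], r["dstaddr"])].add(r["dstport"])
    return sorted((src, dst, len(p)) for (src, dst), p in ports.items()
                  if len(p) >= min_ports)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    for src, dst, port, action in suspect_connections(recs, SUSPECT_IPS):
        print(f"suspect destination: {src} -> {dst}:{port} ({action})")
    for src, dst, count in probing_pairs(recs):
        print(f"possible probe: {src} touched {count} ports on {dst}")
```

Counting distinct destination ports per source/destination pair is the simplest form of the probe heuristic; a production detector would also window by time and weigh rejected versus accepted flows, but even this version turns a wall of records into the two answers an analyst actually wants.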
Chris Christiansen, an analyst with Hurwitz & Associates, says the platform can help businesses that struggle to find experienced security analysts, by surfacing anomalies that less experienced analysts might not know to look for. So incidents will be found earlier and it will take less time to resolve individual alerts.
RedLock, based in Menlo Park, Calif., was founded in 2015, has about 30 employees and has raised $12 million in funding from Sierra Ventures. Cloud 360 is available now. The company isn’t releasing numbers but says pricing is based on how many customer workloads it’s monitoring. The service includes enough storage to retain 30 days’ worth of activity records. Customers can pay extra to store the data for a longer period.