Cloud Security Monitoring

Uniquely Monitor Complex Cloud Infrastructure and Detect Multi-Cloud Attack Campaigns

BUSINESS CHALLENGE

Beyond the traditional security threats seen in on-premises environments, cloud environments come with their own security challenges. In addition, many organizations need monitoring and threat detection capabilities built into multiple public cloud environments, all operating simultaneously and unified. Most current “cloud” security solutions are unable to provide the necessary levels of threat monitoring because they are:

  • Not cloud native, i.e., not built specifically to work fully within cloud environments; they are often “lifted and shifted” from on-premises offerings and carry limitations as a result.
  • Built to operate in, or hosted within, a single primary cloud environment (for example, AWS), offering only data collection or “support” for other cloud architectures, which leaves security gaps when attempting to properly support dual-homed or multi-cloud environments.
  • Claim “support” for threat detection, investigation, and response (TDIR) while providing only data collection and correlation, with no or limited sets of analytical threat models.
  • Lack cloud-focused machine learning (ML) models backed by a trained ML engine that can automatically adjust and adapt to new attacker tactics and techniques, as well as to changes in malware operation.

These challenges make it almost impossible for most solutions to identify known, unknown, new, and emerging threats and variants within a single cloud environment, let alone attack campaigns that threat actors spread across multiple clouds to evade current technologies. The result is a huge amount of additional work and manual effort for security teams to determine the full scope of an attack.


CRITICAL CAPABILITIES

  • Identify Misconfigurations
    When IT personnel or contractors inadvertently set up policies that allow unrestricted access to cloud resources, Gurucul analytics identify unexpected communications, unusual access, and access violations involving those resources.
  • Detect Data Loss
    Because easy data sharing is an advantage of cloud architectures, Gurucul cloud monitoring enables customers to collect and analyze telemetry from cloud environments to identify data loss and leakage.
  • Identify Multi-Cloud Attack Campaigns
    Gurucul is uniquely capable of not just correlating security events across multi-cloud environments but, based on recent trends, also detecting attack campaigns that are spread across multiple clouds to evade current SIEM and XDR solutions.
  • Monitor Identity and Access in the Cloud
    Identity and access management (IAM) in a cloud or hybrid cloud environment can be extremely complex. For larger organizations, simply understanding who has access to which resources can be time-consuming and difficult. Other IAM challenges in the cloud include ‘zombie’ SaaS accounts (inactive users) and improper user provisioning and deprovisioning. Hybrid environments, where users must access a mix of SaaS apps and on-premises applications, can introduce silos and further complicate IAM, leading to misconfigurations and security gaps. Gurucul fills these gaps.

KEY BENEFITS

Deployable Across Any Public Cloud: Gurucul doesn’t just correlate across multiple clouds; unlike other vendors, we can also provide a full SaaS offering hosted in any public cloud environment to achieve multi-cloud support and maximum flexibility.

Infrastructure-Wide Visibility: Increase visibility across your infrastructure by gathering log, network, application, and identity telemetry, along with user and entity behaviors, to detect attacks.

Monitoring Across Complex Architectures: Gurucul Cloud Security Monitoring and analytics can ingest and correlate large amounts of data across a variety of distributed locations, including regional cloud deployments, to identify attack campaigns regionally and globally.

Business Loss Prevention: Even a single compromise can open the door for an attacker to disrupt business operations, leading to a decrease in customer trust and satisfaction — especially if customer data was stolen or made inaccessible by ransomware. Gurucul lowers alert fatigue, eliminates manual tasks, and provides the context security teams need to detect, investigate, and respond to cloud-based security threats much earlier in the kill chain, ensuring availability and data security.

Auditing: Improve efficiency, reduce costs, and ensure that organizations can meet their compliance requirements as they migrate to hybrid and cloud architectures.


WHY GURUCUL?

Unlike other security analytics tools, Gurucul gives you full hybrid visibility of identities, accounts, access and activity across on-premises and cloud. Only Gurucul provides threat intelligence with full 360-degree visibility and context of users accessing applications and data both in the cloud and on-premises.

Gurucul can ingest data directly from applications on cloud provider platforms as well as consume data feeds from CASB proxy gateways. Gurucul leverages cloud infrastructure and platform data alongside cloud application activity data for a complete view of user/entity behavior analytics and identity access intelligence.

Gurucul provides cloud API data connectors out-of-the-box as well as delivering the capability for developing custom connectors. Get visibility into cloud applications and infrastructure including Amazon AWS, Box, Concur, Dropbox, Google Cloud, G-Suite, IBM, Microsoft Azure, Microsoft Office 365, Okta, Oracle, Ping, Salesforce, SAP, ServiceNow, Splunk Cloud, and Workday.


TOP USE CASES

  • Cloud Account Compromise, Hijacking and Sharing (Advanced Threat Detection and Response)
    Detect account compromise, hijacking and sharing for cloud application accounts and privileged accounts for IaaS and PaaS. Detect anomalous behavior beyond rules, patterns and signatures utilizing advanced machine learning behavior models.
  • Cloud Data Exfiltration and IP Protection (Achieving Compliance Objectives: PCI, SOX, HIPAA, GDPR, etc.)
    Baseline cloud data access and activity to detect anomalous events with self-learning and self-training machine learning models. Analyze data sources in CASB proxy gateways, email gateways, web gateways and network gateways with DLP features.
  • Cloud Access Outliers and Excess Access (External, Internal, Cloud Incident Collection and Monitoring)
    Identify cloud access considered high-risk by consuming access entitlements data from SaaS, IaaS, PaaS and IDaaS. High-risk access includes privileged access entitlements, access dissimilar to that of peers, and infrequent access to cloud accounts. Detect access outliers by leveraging peer groups of users and trigger certifications for outlier access.
  • Cloud Dormant and Orphan Accounts (Achieving Compliance Objectives: PCI, SOX, HIPAA, GDPR, etc.)
    Automate the identification of risky orphan and dormant cloud accounts, which are potentially used for data exfiltration. Enable cloud account and system owners to act by identifying cloud account owners or marking cloud accounts for review.
  • Cloud Insider Threat Detection and Deterrence (External, Internal, Cloud Incident Collection and Monitoring)
    Leverage machine learning behavior models developed, tested, and refined from an extensive insider threat database of real-world incidents. Find high-order interactions and patterns in data to detect insider threats by leveraging useful and predictive cues that are too noisy and highly dimensional for human experts and traditional software to detect.
  • Cloud Privileged Access Abuse (Achieving Compliance Objectives: PCI, SOX, HIPAA, GDPR, etc.)
    Discover cloud privileged access and provide visibility on who has the “keys to the kingdom.” Detect and eliminate privileged access entitlements assigned erroneously to regular user accounts. Reduce privileged cloud account abuse and eliminate shared cloud admin accounts.
