HOW RedLock ADDRESSES FIVE KEY CUSTOMER QUESTIONS:
What does your product do?
For many years, cloud service providers like Amazon have been preaching the Shared Responsibility model for securing public cloud infrastructure: the provider secures the physical infrastructure, but the customer is still responsible for securing the content, applications, systems, networks, and users that run on it. Recent high-profile breaches indicate that customers are struggling to meet their side of that obligation.
We believe this is because it is a non-trivial problem to solve and customers do not have the necessary tools. RedLock was founded to help customers manage security and compliance risks across public cloud infrastructure such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform.
What problems does it solve?
Below are some examples of recent high profile breaches that illustrate the gravity of the problem:
On May 31, 2017, OneLogin (a cloud-based identity management vendor) suffered a breach of its AWS environment. The company did not disclose how many customers were impacted but it has over 2,000 customers in 44 countries, including Conde Nast, Pinterest, Yelp, and Zendesk. The scariest part of the breach was that not only were the attackers able to access an encrypted database containing information on users, apps, and various types of keys, they had also acquired the keys to be able to decrypt it.
On May 24, 2017, a publicly accessible AWS S3 bucket containing highly classified intelligence data belonging to Booz Allen Hamilton was discovered. The files within were connected to the US National Geospatial-Intelligence Agency (NGA), the US military's provider of battlefield satellite and drone surveillance imagery. To make matters worse, access keys and credentials were also found in the bucket, and the company's spokesperson confirmed that these may provide access to more sensitive data, including code repositories.
On April 13, 2017, RedLock researchers discovered misconfigurations in Amazon RDS and EBS that exposed thousands of data volumes to the public. These volumes contained sensitive data including PHI and PII. To illustrate the severity of the exposure: one data volume contained over 300,000 customer emails and encrypted passwords belonging to a Fortune 50 enterprise. Another contained 500,000 customer and employee records belonging to a healthcare supply chain management vendor whose clients include most major healthcare providers. RedLock is working with some of the impacted organizations to rectify the issue, but given the scale of the problem (thousands of organizations), AWS is working with us to proactively reach out to its customers.
On March 31, 2017, independent researchers discovered a misconfiguration in Amazon S3 that ultimately led to the exposure of 20,000 customer records at Scottrade. When RedLock researchers dug into the issue, we found over 100 other exposed S3 buckets and are working with the impacted organizations to rectify the issue.
None of these misconfigurations were Amazon's fault; each was a developer or operational oversight on the part of the customer using the service. This clearly demonstrates the need for a solution.
How are you different than your competitors?
The RedLock Cloud 360™ platform takes massive volumes of raw, siloed data from an organization's public cloud infrastructure environment and produces a map highlighting active threats. The platform enables cloud forensics, policy monitoring, anomaly detection, adaptive response, and compliance reporting, all to deliver cloud infrastructure security without impeding DevOps.
The following example illustrates how RedLock solves a problem versus other vendors in the market.
- Both RedLock and most of its competitors can detect an open security group in AWS (one with an inbound rule allowing traffic from 0.0.0.0/0), which is a bad practice. While this situation is not ideal, an open security group is not in itself an indicator of compromise; it is a potential avenue for compromise.
- Only RedLock takes the next step of determining what type of resource the open security group is attached to. For example, if the open security group is attached to a database, that is a major concern, as databases should never accept connections directly from the internet.
- Only RedLock looks at network traffic data to see whether the database is actually communicating directly with the internet. Competitors only look at configuration data, so they cannot do this.
- Only RedLock leverages threat intelligence data ingested from a third-party source to see whether the database is communicating over the internet with any known suspicious IP addresses. If so, that is an indicator of compromise.
- Finally, only RedLock uses data science to determine whether the traffic from the suspicious IP address was actually accepted by the database. If so, you now have an active threat.
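To make the escalation concrete, here is an added example (written for this page, not RedLock's code) that walks the chain described above over constructed inputs: a set of security group rules, the resources each group is attached to, a few VPC flow log records in AWS's default 14-field format, and a hypothetical threat-intelligence list. A finding climbs from "open security group" to "exposed database" to "internet traffic" to "suspicious source" to "active threat" only as each piece of evidence is present. The last step substitutes the flow log's own ACCEPT/REJECT field for the statistical model the text refers to; the resource types, CIDRs, IP addresses and log lines are all constructed for the example.

```python
"""Correlate security group config, flow logs and threat intel (added example)."""
from ipaddress import ip_address, ip_network

# --- constructed sample data (hypothetical, not from any real account) ----
ANY_CIDRS = ("0.0.0.0/0", "::/0")          # "open to the internet" rules
INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumed VPC address space
DATABASE_TYPES = {"rds", "redshift", "elasticache"}

# Security group inbound rules as (protocol, from_port, to_port, cidr).
SECURITY_GROUPS = {
    "sg-open-db":    [("tcp", 3306, 3306, "0.0.0.0/0")],
    "sg-web":        [("tcp", 443, 443, "0.0.0.0/0")],
    "sg-private-db": [("tcp", 5432, 5432, "10.0.0.0/8")],
}

# Resources, their private IPs, and the security groups attached to them.
RESOURCES = [
    {"id": "db-orders", "type": "rds", "ip": "10.0.1.10", "sgs": ["sg-open-db"]},
    {"id": "web-1",     "type": "ec2", "ip": "10.0.2.20", "sgs": ["sg-web"]},
    {"id": "db-hr",     "type": "rds", "ip": "10.0.3.30", "sgs": ["sg-private-db"]},
]

# VPC flow log lines in the default format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 51234 3306 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 44102 3306 6 3 180 1418530010 1418530070 REJECT OK
2 123456789012 eni-0e5f6a7b 203.0.113.9 10.0.2.20 40001 443 6 12 3400 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0c9d8e7f 10.0.4.4 10.0.3.30 55221 5432 6 30 9000 1418530010 1418530070 ACCEPT OK
"""

# Hypothetical third-party threat-intelligence feed of known-bad sources.
THREAT_INTEL = {"203.0.113.5", "198.51.100.7"}


def open_security_groups(security_groups):
    """Return {sg_id: [rules]} for groups with an inbound rule open to any CIDR."""
    result = {}
    for sg_id, rules in security_groups.items():
        open_rules = [r for r in rules if r[3] in ANY_CIDRS]
        if open_rules:
            result[sg_id] = open_rules
    return result


def parse_flow_logs(text):
    """Extract src, dst, dport and action from default-format flow log lines."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 14 or f[0] == "version":   # skip header / malformed lines
            continue
        records.append({"src": f[3], "dst": f[4], "dport": int(f[6]), "action": f[12]})
    return records


def is_external(addr):
    """True if the address is outside the assumed VPC address space."""
    return not any(ip_address(addr) in net for net in INTERNAL_NETS)


def assess(security_groups, resources, flow_log_text, threat_intel):
    """Escalate each resource through the evidence chain; return {id: finding}."""
    open_sgs = open_security_groups(security_groups)
    flows = parse_flow_logs(flow_log_text)
    findings = {}
    for res in resources:
        rules = [r for sg in res["sgs"] for r in open_sgs.get(sg, [])]
        if not rules:
            continue                                  # configuration is fine
        finding = {"level": "open_security_group", "evidence": []}
        findings[res["id"]] = finding
        if res["type"] not in DATABASE_TYPES:
            continue                                  # bad practice, not a database
        finding["level"] = "exposed_database"
        # Step 3: does traffic from outside the VPC actually reach an open port?
        internet_flows = [
            fl for fl in flows
            if fl["dst"] == res["ip"] and is_external(fl["src"])
            and any(lo <= fl["dport"] <= hi for _, lo, hi, _ in rules)
        ]
        if not internet_flows:
            continue
        finding["level"] = "internet_traffic"
        finding["evidence"] = internet_flows
        # Step 4: is any of that traffic from a known-suspicious source?
        suspicious = [fl for fl in internet_flows if fl["src"] in threat_intel]
        if not suspicious:
            continue
        finding["level"] = "suspicious_source"
        finding["evidence"] = suspicious
        # Step 5: was the suspicious traffic accepted (stand-in for the model)?
        accepted = [fl for fl in suspicious if fl["action"] == "ACCEPT"]
        if accepted:
            finding["level"] = "active_threat"
            finding["evidence"] = accepted
    return findings


if __name__ == "__main__":
    for rid, finding in assess(SECURITY_GROUPS, RESOURCES, FLOW_LOGS, THREAT_INTEL).items():
        print(rid, finding["level"], [fl["src"] for fl in finding["evidence"]])
```

Run as-is, db-orders ends at "active_threat" (an accepted connection from a listed IP on the open port), web-1 stops at "open_security_group" because it is not a database, and db-hr produces no finding because its group is only open to the VPC. A config-only tool would report the first two identically.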
Who has done this before?
Global brands across a variety of verticals trust RedLock to secure their public cloud infrastructure:
- Proofpoint, a cloud-based cybersecurity company, increased the efficacy of its security program with holistic visibility across 1800+ AWS workloads.
- Veeva Systems, a leading provider of cloud-based applications for the global life sciences industry, uses RedLock to ensure that its AWS environment complies with regulations.
- Nerdwallet, a personal finance application, is able to achieve real-time risk visibility across its dynamic cloud infrastructure.
- A Fortune 500 insurance corporation was able to achieve digital transformation with confidence by ensuring its AWS environment meets compliance mandates.
- A Fortune 1000 software provider gained visibility and control over risks across 10,000+ workloads in 100 different AWS accounts.
How are you going to show measurable results?
RedLock provides a free risk assessment which can be set up in minutes without hindering development efforts. It will provide the following insights:
- A baseline of what infrastructure is currently running in your public cloud environment, and what was running historically
- Whether you are secure and compliant with established cloud security best practices, and whether you have been historically
- Whether there is, or has been, any anomalous user or network behavior in your environment
- Trends for all of the above