Your business is facing some of its most rapid growth… maybe ever. According to the Cisco Annual Internet Report, cloud data centers will process nearly 95% of workloads in 2021. Over the past decade, businesses began racing into the cloud. With a newfound understanding of the great flexibility it can offer, CISOs around the world invested millions to migrate their business’ workloads into IaaS and PaaS based systems. Large enterprises spotted an opportunity to minimize their overhead costs and move away from some of the more traditional on-prem data centers, while small businesses realized that they can truly flourish in the public cloud. The laundry list of benefits includes added flexibility, lower costs, easier management and maintenance, and better overall agility that allows small organizations to function while operating with tighter resources.
It almost sounds too good to be true, right? Well, despite this massive cloud migration, 94% of organizations are moderately to extremely concerned about cloud security1. We’ve seen some big-name enterprises fall victim to attacks that stem from one critical mistake: misconfigured assets in the public cloud.
1. 2020 Cloud Security Report, Cybersecurity Insiders
Today at our Partner Summit 2020 event, we are excited to announce new features that will soon be available in Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud), a SaaS-based Network Detection & Response (NDR) offering, that give CISOs more confidence in their ongoing journey in the cloud. This solution is already built to protect your public cloud resources as it provides comprehensive visibility into all of your public cloud traffic. It is a true multi-cloud solution and can ingest native telemetry from Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). It even has the ability to detect threats in encrypted traffic without active packet inspection.
New to Secure Cloud Analytics, is a highly flexible event viewer that offers a wealth of information about your business’ cloud deployment, resource configuration, alignment to industry standards and regulations and so much more. Here is a breakdown of how these features will help your business:
1. Encourage collaboration through simple reporting on cloud security posture
Secure Cloud Analytics enables your DevOps and SecOps groups to work cohesively, as one team. It identifies a critical gap that often exists between these functions. Your SecOps team is focused on threat hunting and protecting the business. It must monitor the network for alerts and address suspicious behavior in a timely manner. DevOps is responsible for implementing changes to code and configuring cloud resources but often lacks visibility into what SecOps is discovering about the network. The event viewer allows SecOps teams to identify vulnerabilities and gather critical information about configurations in the cloud and seamlessly deliver this information to DevOps to ensure that proper adjustments are made and that cloud workloads stay secure. Integrated with Cisco SecureX and other 3rd party platforms, Secure Cloud Analytics makes it easier than ever for teams to communicate their findings and make fluid adjustments in the public cloud.
2. Maintain compliance and meet standards unique to your industry
There is no one team solely responsible for ensuring compliance or meeting segmentation rules, however these new features enable teams to find and share information about public cloud traffic easily. The event viewer allows users to monitor cloud posture as it relates to various industry best practices. Users can investigate all cloud accounts and be alerted on those that are not compliant with industry standards like PCI, HIPAA and CIS frameworks or custom internal policies. Robust filtering and query searches allow the user to zero in on misconfigured or vulnerable assets that cause any compliance concerns.
3. Seamlessly monitor and protect your public cloud resources
The bread and butter of Secure Cloud Analytics is its ability to classify your network devices and monitor their behavior to detect threats. This process is known as dynamic entity modeling. Upon deployment, Secure Cloud Analytics starts to establish a baseline for learned ‘normal’ behavior. While it does provide some alerts out of the box, the most powerful alerts are triggered when it begins to understand the network and sees some deviation from the behavioral norm. It automatically groups your cloud resources into roles like EC2 instances, S3 buckets, AWS load balancers and more. It generates alerts like Geographically Unusual Azure API Usage and AWS Lambda Invocation Spike that are designed specifically to spot vulnerabilities in your cloud configurations.
Your business needs to keep finding new ways to innovate, stay agile, and protect its sensitive workloads. Ensure confidence in your cloud security posture with Secure Cloud Analytics.
This blog was originally written by Munawar Hossain for Cisco Blogs.