RedLock announced that the RedLock Cloud 360 Platform solution provides immediate integration with Amazon GuardDuty, a new threat detection service announced by Amazon Web Services (AWS) at AWS re:Invent 2017 in Las Vegas, to provide visibility into threats to your AWS resources.
RedLock integrates with Amazon GuardDuty to help customers manage security and compliance risks. Amazon GuardDuty findings are ingested by RedLock to provide additional context and centralised visibility into security risks on the cloud, helping customers gain actionable insights, identify cloud threats, reduce risk and remediate issues, without impeding DevOps.
“We are happy to have RedLock Cloud 360 as a launch solution that is integrated with Amazon GuardDuty,” said Rohit Gupta, global segment leader, security, Amazon Web Services, Inc. “RedLock provides an extra layer of security, risk visibility and monitoring to its customers and the integration with Amazon GuardDuty makes it even easier to deploy and deliver deeper insights into customer infrastructure.”
Amazon GuardDuty integration enhances the following capabilities:
- Policies and alerting: Policies created based on Amazon GuardDuty findings have been added to the existing RedLock Cloud 360 solution policy set, which includes those enabling organisations to adhere to industry best practices such as CIS, PCI, and NIST. RedLock Cloud 360 automatically monitors the customer’s new and existing cloud workloads and alerts the enterprise when a workload violates a policy. RedLock also enables organisations to drill down further into Amazon GuardDuty findings, which allows customers to perform impact analysis and understand the root cause of an incident, cutting the time needed to resolve issues.
- Network investigation: RedLock Cloud 360 network investigation capabilities now extend to Amazon GuardDuty network data. The integration allows organisations to easily visualise Amazon GuardDuty findings through a network graph, identify applications running on the workloads, and find additional vulnerabilities based not only on policy settings, but also on external integrations, such as vulnerability scanners. Enterprises now have greater visibility into the security risks associated with their cloud workloads.
- User behavior analytics: RedLock Cloud 360 augments Amazon GuardDuty identity and access management findings with its current machine learning algorithm used to detect user account and access key compromises as well as insider threats. The integration enables organisations to identify malicious users on the cloud while also minimising false positives.
- Risk scoring: RedLock Cloud 360 incorporates Amazon GuardDuty findings into its advanced risk-scoring algorithm, already used to continuously score every workload across multiple cloud accounts based on risky attributes and behavior. Risk ratings help IT teams prioritise response and report to management and board members.
- Automated remediation: In addition to allowing organisations to detect and investigate cloud threats, RedLock Cloud 360 is designed to automatically remediate issues. This integration means RedLock Cloud 360 can automatically remediate threats identified by Amazon GuardDuty. For example, RedLock Cloud 360 will terminate a workload that initiated a reconnaissance attack, which will help provide continuous cloud security.
- Enterprise integration: RedLock Cloud 360 natively integrates with additional enterprise products, such as SIEM, workflow management, vulnerability management and security orchestration tools to aid security operations teams with single-pane-of-glass visibility to investigate, prioritise, and resolve cloud security alerts. These integrations extend to Amazon GuardDuty, allowing organisations to incorporate both RedLock Cloud 360 and Amazon GuardDuty findings and alerts into these enterprise tools.
“We’re excited to build on RedLock’s existing relationship with AWS,” said Varun Badhwar, CEO and co-founder of RedLock. “The release of Amazon GuardDuty will go a long way in moving the cloud security discussion forward and educating enterprises on risks. And we’re committed to continuing work in this critical area. Integration with Amazon GuardDuty is a natural extension of our existing capabilities that help organisations accelerate digital business by managing security and compliance risks across the cloud.”
Read more about the RedLock Cloud 360 integration with Amazon GuardDuty.
Visit RedLock at AWS re:Invent in booth 711 in the Venetian Expo Hall this week for a demo of RedLock Cloud 360 and the integration with Amazon GuardDuty.