Corelight announces cloud enrichment for AWS, GCP, and Azure
August 6, 2024 by Todd Morneau
This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with the native control plane data from your cloud service provider.
According to IBM’s 2024 Cost of a Data Breach Report, 40% of data breaches involved data stored across multiple environments, and when breached data was stored in public clouds, it incurred the highest average breach cost at $5.17 million USD.
Navigating the differences between on-prem and cloud environments often leads to headaches for security teams. The benefits of cloud environments, such as being able to deploy and destroy infrastructure with a few clicks or automatically leverage Infrastructure as Code (IaC), have made keeping up with change a primary concern for teams trying to secure these constantly evolving and shifting environments.
In addition, the ephemeral nature of cloud environments makes security at the network layer a bit more complex, rendering a fundamental pillar of network security, the IP address, far less valuable. Security practitioners have relied on the IP address for years to understand which hosts were talking to each other. Cloud networks, with their frequent recycling of IP addresses through network address translation or orchestration tools, have made attributing an IP address to a specific workload a complex task of mapping IP addresses and timestamps to control plane data from the cloud service provider (CSP).
Corelight understands the challenges involved in extending network security coverage to cloud environments. Data needed to paint a complete picture of an event often comes from both the data plane network traffic that is captured and the control plane of a public cloud provider. Correlating this data is vital in detecting and disrupting attacks.
Instead of having analysts spend valuable time attempting to correlate logs from disparate systems, Corelight does it for them. Our Cloud Enrichment populates conn logs with specific information from the CSP control plane, which enables defenders to quickly and efficiently know exactly which hosts were communicating.
At Corelight, we know that enriching your network data with control plane data in cloud environments drastically increases SOC efficiency. Instead of spending time correlating logs from disparate systems, Corelight automatically does this for you. We populate conn logs with specific information from the CSP control plane, enabling you to quickly and efficiently identify which hosts were communicating.
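To make the correlation problem concrete, the following is an added example (not Corelight's code or output) that attributes conn-log endpoints to workloads by matching IP address and timestamp against control-plane assignment intervals. The assignment records, instance IDs, and the `orig_workload`/`resp_workload` field names are hypothetical and constructed for illustration; only `ts`, `id.orig_h`, and `id.resp_h` are standard Zeek conn-log fields.

```python
import bisect
from collections import defaultdict

# Constructed control-plane records: which workload held an IP, and when (epoch seconds).
# Field names and instance IDs are hypothetical; end=None means still assigned.
ASSIGNMENTS = [
    {"ip": "10.0.1.15", "start": 1722900000, "end": 1722903600, "workload": "i-aaaa/web-frontend"},
    {"ip": "10.0.1.15", "start": 1722903900, "end": None, "workload": "i-bbbb/batch-worker"},
    {"ip": "10.0.2.40", "start": 1722890000, "end": None, "workload": "i-cccc/orders-db"},
]

# Constructed conn-log entries using Zeek's ts, id.orig_h and id.resp_h fields.
CONNS = [
    {"ts": 1722901000.0, "id.orig_h": "10.0.1.15", "id.resp_h": "10.0.2.40"},
    {"ts": 1722903700.0, "id.orig_h": "10.0.1.15", "id.resp_h": "10.0.2.40"},
    {"ts": 1722905000.0, "id.orig_h": "10.0.1.15", "id.resp_h": "10.0.2.40"},
    {"ts": 1722905100.0, "id.orig_h": "203.0.113.9", "id.resp_h": "10.0.2.40"},
]

def build_index(assignments):
    """Group assignment intervals by IP, sorted by start time."""
    index = defaultdict(list)
    for a in assignments:
        index[a["ip"]].append((a["start"], a["end"], a["workload"]))
    for intervals in index.values():
        intervals.sort(key=lambda iv: iv[0])
    return index

def lookup(index, ip, ts):
    """Return the workload that held `ip` at time `ts`, or None if unattributed."""
    intervals = index.get(ip, [])
    starts = [iv[0] for iv in intervals]
    i = bisect.bisect_right(starts, ts) - 1  # latest assignment starting at or before ts
    if i < 0:
        return None
    _, end, workload = intervals[i]
    return workload if end is None or ts < end else None

def enrich(conn, index):
    """Copy a conn entry and add both endpoints' workloads (hypothetical field names)."""
    out = dict(conn)
    out["orig_workload"] = lookup(index, conn["id.orig_h"], conn["ts"])
    out["resp_workload"] = lookup(index, conn["id.resp_h"], conn["ts"])
    return out

if __name__ == "__main__":
    idx = build_index(ASSIGNMENTS)
    for c in CONNS:
        print(enrich(c, idx))
```

The same source IP resolves to two different workloads depending on the timestamp, and to no workload during the gap between assignments, which is why an IP-only lookup misattributes traffic in recycled address space.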
The example shown is a great representation of the type of data we can pull from AWS, Azure, and GCP, ensuring that your multi-cloud deployments will have comparable levels of data.
Key features and benefits of Corelight Cloud Security Solutions include:
For more information on Corelight Cloud Security Solutions:
Securing multi-cloud environments presents significant challenges due to the expanding attack surface, the constant evolution of cyber threats, and ever-changing network topology. See how to effectively mitigate limited visibility, missed detections, and inefficient response times.