Corelight Announces Cloud Enrichment for AWS, GCP, and Azure

This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with the native control plane data from your cloud service provider.

Importance of Network Traffic in the Cloud

According to IBM’s 2024 Cost of a Data Breach Report, 40% of data breaches involved data stored across multiple environments, and when breached data was stored in public clouds, it incurred the highest average breach cost at $5.17 million USD.

Navigating the differences between on-prem and cloud environments often leads to headaches for security teams. The benefits of cloud environments, such as being able to deploy and destroy infrastructure with a few clicks or to automate provisioning with Infrastructure as Code (IaC), have made keeping up with change a primary concern of teams trying to secure these constantly evolving and shifting environments.

In addition, the ephemeral nature of cloud environments makes security at the network layer a bit more complex, rendering a fundamental pillar of network security, the IP address, far less valuable. Security practitioners have relied on the IP address for years to understand which hosts were talking to each other. Cloud networks, with their frequent recycling of IP addresses through network address translation or orchestration tools, have turned attribution of an IP address to a specific workload into a complex task of mapping IP addresses and timestamps to control plane data from the cloud service provider (CSP).

Corelight understands the challenges involved in extending network security coverage to cloud environments. Data needed to paint a complete picture of an event often comes from both the data plane network traffic that is captured and the control plane of a public cloud provider. Correlating this data is vital in detecting and disrupting attacks.

Instead of having analysts spend valuable time attempting to correlate logs from disparate systems, Corelight does it for them. Our Cloud Enrichment populates conn logs with specific information from the CSP control plane, which enables defenders to quickly and efficiently know exactly which hosts were communicating.
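As an added example (not Corelight's code), the following Python shows the kind of time-aware IP-to-workload mapping this enrichment performs: Zeek conn.log records are joined to CSP control plane data on both the IP address and the connection timestamp, so a recycled IP resolves to the instance that actually held it at that moment. The control plane inventory, the conn.log lines, the instance ids and the added field names (orig_instance_id, resp_instance_name, and so on) are all constructed here and are not Corelight's schema.

```python
import json
from datetime import datetime

# Constructed control-plane inventory (hypothetical instance ids and names).
# Each entry records which workload held a private IP and for which time window;
# detached=None means still attached. 10.0.1.23 appears twice because cloud IPs are recycled.
CONTROL_PLANE = [
    {"ip": "10.0.1.23", "instance_id": "i-0aaaa0000000000a1", "name": "web-1",
     "attached": "2024-05-01T00:00:00Z", "detached": "2024-05-01T12:00:00Z"},
    {"ip": "10.0.1.23", "instance_id": "i-0bbbb0000000000b2", "name": "batch-7",
     "attached": "2024-05-01T12:05:00Z", "detached": None},
    {"ip": "10.0.2.9", "instance_id": "i-0cccc0000000000c3", "name": "db-1",
     "attached": "2024-04-20T00:00:00Z", "detached": None},
]

# Constructed Zeek conn.log records (JSON output format). Both connections come
# from 10.0.1.23, but at times when different instances held that IP.
CONN_LOG = [
    '{"ts":1714561200.0,"uid":"CAbc1","id.orig_h":"10.0.1.23","id.orig_p":49152,"id.resp_h":"10.0.2.9","id.resp_p":5432,"proto":"tcp"}',
    '{"ts":1714608000.0,"uid":"CAbc2","id.orig_h":"10.0.1.23","id.orig_p":49153,"id.resp_h":"10.0.2.9","id.resp_p":5432,"proto":"tcp"}',
]

def _epoch(iso):
    # RFC 3339 'Z' timestamp -> epoch seconds, the unit Zeek uses for ts
    return datetime.fromisoformat(iso.replace("Z", "+00:00")).timestamp()

def lookup_workload(ip, ts):
    """Return the control-plane record that held `ip` at epoch time `ts`, or None.
    Keyed on (ip, time) rather than ip alone, so a recycled IP resolves correctly."""
    for rec in CONTROL_PLANE:
        if rec["ip"] != ip:
            continue
        start = _epoch(rec["attached"])
        end = _epoch(rec["detached"]) if rec["detached"] else float("inf")
        if start <= ts < end:
            return rec
    return None

def enrich_conn(conn):
    """Add originator/responder workload fields to one Zeek conn record (dict)."""
    out = dict(conn)
    for side, ip_field in (("orig", "id.orig_h"), ("resp", "id.resp_h")):
        rec = lookup_workload(conn[ip_field], conn["ts"])
        out[f"{side}_instance_id"] = rec["instance_id"] if rec else None
        out[f"{side}_instance_name"] = rec["name"] if rec else None
    return out

def enrich_log(lines):
    """Enrich every JSON conn.log line; IPs with no control-plane match stay None."""
    return [enrich_conn(json.loads(line)) for line in lines]
```

The gap between one interface being detached and the next being attached (12:00 to 12:05 in the constructed data) deliberately resolves to None rather than to either workload, which is the honest answer when the control plane has no record for that moment.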

Understanding Corelight’s cloud enrichment capabilities

At Corelight, we know that enriching your network data with control plane data in cloud environments drastically increases SOC efficiency. Instead of spending time correlating logs from disparate systems, Corelight automatically does this for you. We populate conn logs with specific information from the CSP control plane, enabling you to quickly and efficiently identify which hosts were communicating.

The example shown is a great representation of the type of data we can pull from AWS, Azure, and GCP, ensuring that your multi-cloud deployments will have comparable levels of data.

[Figure: cloud enrichment example showing enriched conn log fields for AWS and GCP]

Key features & benefits

Key features and benefits of Corelight Cloud Security Solutions include:

  • Real-time visibility. Gain instant insights into your cloud environment to enable proactive threat detection while significantly accelerating incident response.
  • Enriched telemetry. Our solutions deliver complete, comprehensive visibility across all cloud environments, eliminating blind spots and unlocking threat hunting capabilities with powerful metadata.
  • Ease of deployment. Simplify deployment through automation using Terraform scripts. Choose your CSP and traffic source, customize to your environment and deploy in autoscale groups.
  • Advanced analytics. Leverage cloud-specific detections to identify and respond to threats across your hybrid and multi-cloud environments.
  • Streamlined workflows. By providing a single tool adapted to hybrid environments that consolidates datasets and toolsets (NSM, IDS, PCAP), Corelight streamlines and accelerates analyst workflows by reducing tool sprawl and increasing efficiency.

For more information on Corelight Cloud Security Solutions:
