In an earlier blog post, we outlined the security challenges posed by a move to Amazon Web Services (AWS) or other public clouds. That post also showed how Observable Networks uses Amazon VPC Flow Logs, AWS CloudTrail, and Amazon Inspector, together with our own Dynamic Endpoint Modeling technology, to significantly improve the way companies monitor traffic and recognize possible compromises in AWS public cloud environments.
Now, in part two of this series, we present a use case example to show how a security professional uses endpoint modeling with these tools to monitor their cloud assets, which is vital to responding to potential threats in their company’s cloud environment in real time.
To begin, let’s first set the stage with our use case example.
Sharon is the security manager in IT operations for a midsize financial services company. She has been tasked with developing a security strategy in response to the company’s recent decision to move the majority of its data and IT operations to an AWS cloud infrastructure. This migration presents a significant security concern, since AWS assets will be difficult – if not impossible – to monitor using traditional security tools.
This is a complex assignment considering the high number of cloud services the company plans to use, the complex combination of on-premise and datacenter-based applications, and the overwhelming number of users, workflows, and other processes. Sharon is not sure if her team can determine which employees are accessing what applications, where they may be accessing them, and whether or not these activities could present a threat. There’s a lot at risk, especially when you consider Sharon’s company must comply with strict industry regulations to protect its clients’ private data – no matter where it is stored and accessed.
Although Sharon’s team uses log audits, a SIEM tool, and other traditional security systems for its on-premises datacenter, she recognizes that these tools simply can’t provide a view of what’s happening inside the AWS-deployed applications. To use a metaphor, it’s not enough to see who is entering or leaving a building; you need to know what they’re doing once they’re inside, and you need to know it in time to prevent an attack.
Sharon quickly realizes that traditional security approaches can only present a narrow view of what’s happening in the cloud, and not in enough time to take action before it’s too late.
After a colleague recommends Observable Networks, Sharon decides to implement its Dynamic Endpoint Modeling solution as part of her cloud security strategy. Dynamic Endpoint Modeling delivers valuable real-time awareness of the “what, when, and where” details that occur at the earliest point in a possible attack.
Here’s how it works:
Sharon’s team benefits from the rich operational context that Dynamic Endpoint Modeling maintains for each endpoint, which allows it to generate highly selective alerts that are extremely valuable to her team. (In a recent measurement over a 30-day period, 87% of the alerts generated were rated “helpful” by Observable clients.)
As Sharon considers her security challenge, she can compartmentalize her security needs into two components:
Getting better visibility into your network and improving your security couldn’t be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.