The 10 Hottest New Cloud Security Tools Of 2020
The 10 top cloud security products to hit the market in 2020 can detect improper configurations, assess the risk around users seeking access to a cloud resource, and protect workloads in virtualized, private and hybrid environments.
Head In The Clouds
Vendors made great advances in 2020 securing cloud applications, data and workloads, rolling out tools that can detect improper cloud configurations and vulnerabilities, assess the risk around users attempting to access a particular cloud resource, and protect workloads running in virtualized, private and hybrid cloud environments.
Securing cloud applications has been a major area of investment, with suppliers automating cloud security management across the development lifecycle, addressing issues around application governance and compliance, and providing customers with more visibility and control over their apps.
Four of the hottest new cloud security tools come from companies based in California, two come from companies based in the Northeastern United States, two come from companies based in the Southern U.S., one comes from a company based in the Rocky Mountains, and one comes from a Canadian firm. Read on to learn what new cloud security features and functionality partners are now able to enjoy.
Cisco Cloud Mailbox Defense
Cisco Cloud Mailbox Defense launched in June and is designed to be quick and easy to set up, with customers able to stand it up and use it within Office 365 in less than five minutes. Cloud Mailbox Defense for Office 365 is good for organizations with smaller security and IT staffs, and leverages the Cisco Talos threat intelligence team to add a layer of security around blocking URLs and threat files.
Up until that point, Cisco had been the deployed gateway for email, meaning that users had to configure their mail flows so that messages were first going to the Microsoft Exchange Server. This took more customer effort to configure and manage on an ongoing basis.
But with Cisco Cloud Mailbox Defense, when Office 365 gets an email, Cisco gets sent a copy for security analytics purposes, which allows Cisco to look at the reputation of the domains and URLs with the help of OpenDNS and Cisco Umbrella. The APIs provided by Office 365 also allow Cisco to extract an email out of the user’s inbox and quarantine it if necessary.
CrowdStrike Falcon Horizon
CrowdStrike Falcon Horizon was unveiled in October to automate cloud security management across the app development lifecycle, enabling customers to securely deploy applications in the cloud with greater speed and efficiency. It prevents cloud misconfigurations, reduces alert fatigue with targeted threat prevention, and provides visibility and control across private, public, hybrid, and multi-cloud settings.
The module delivers continuous discovery and visibility of cloud-native assets, providing valuable context and insights into the overall security posture as well as the actions required to prevent potential security incidents. Falcon Horizon also provides real-time monitoring of cloud resources to detect misconfigurations and vulnerabilities, as well as guided remediation for them, before they impact business.
Falcon Horizon enables security teams to gain visibility, prioritize threats, reduce alert fatigue by eliminating noise, and take immediate action. It continuously monitors for anomalies and suspicious activity within workloads and correlates these insights with misconfigurations to accelerate response and optimize business performance.
eSentire esCloud
eSentire esCloud was announced in February and brings around-the-clock configuration and vulnerability monitoring as well as threat detection and response to Infrastructure as a Service and Software as a Service deployments. The portfolio extends eSentire’s managed detection and response (MDR) capabilities and threat hunting expertise from on-premises to modern cloud environments.
The esCloud portfolio initially included support for Amazon Web Services, Microsoft Azure, Google Cloud Platform and Microsoft Office 365, with support for Google G Suite, Salesforce, ServiceNow, Dropbox and Box expected to follow over the next several months.
esCloud constantly monitors customer cloud environments to detect improper configurations and vulnerabilities that could lead to data loss and compromise. Automated policy enforcement, combined with response and remediation from eSentire’s expert security analysts, ensures that customers can operate in the cloud with confidence.
McAfee MVision Cloud Native Application Protection Platform
The McAfee MVision Cloud Native Application Protection Platform delivers data protection, threat prevention, governance and compliance throughout the application lifecycle, including container and OS-based workloads. It is the industry’s first platform to converge Cloud Security Posture Management for public cloud infrastructure with Cloud Workload Protection to protect hosts and workloads.
The platform was unveiled in October, and provides discovery of all workloads, data and infrastructure across endpoint, networks and cloud, and can prioritize them based on risk. It also protects against configuration drift and provides vulnerability assessment across virtual machines, containers and serverless environments, which helps unleash developer productivity through frictionless automation.
The McAfee Cloud Native Application Protection Platform additionally provides the ability to build policy based on zero trust as well as behavioral observation to both eliminate false positives and achieve scale with known good behavior enforcement. Moreover, the platform can automate security controls for continuous compliance and governance of data and permissions.
Ping Identity PingOne Risk Management
Ping Identity PingOne Risk Management is a cloud service that was released in October and uses machine learning to evaluate risk signals and detect threats in real time. It evaluates user context and multiple signals to understand the level of risk posed by a user attempting to access a particular resource.
The service uses machine learning models that learn past user login behavior so that the organization can detect anomalous behavior and assign a level of risk. PingOne Risk Management can also detect if an IP address is associated with an unknown VPN, TOR or proxy, which increases the probability of malicious behavior.
PingOne Risk Management additionally calculates whether travel between the previous login location and the current login location is physically possible in the time between the two logins, and flags the login as presumptive suspicious activity if not. The service also evaluates IP addresses to determine if they were previously used in malicious activity.
Proofpoint Cloud Access Security Broker
Innovations to the Proofpoint Cloud Access Security Broker (CASB) were introduced in February to help safeguard the cloud applications employees access every day, such as Amazon Web Services, Box, Google G Suite, Microsoft Office 365 and Slack. The offering gives organizations visibility and control over cloud applications while allowing security teams to deploy cloud services with confidence.
Proofpoint CASB started offering automated detection and remediation of malicious third-party applications in Microsoft Office 365 and Google G Suite. This innovation has helped stop attacks that may start by email and launch third-party applications that provide attackers with persistent system permissions and access.
Risk-based access enhancements will detect if a user device is unmanaged and restrict access, plus users will be able to determine risk levels during login and respond with adaptive controls, such as multifactor authentication. And an integration with Proofpoint threat intelligence was expected to expand suspicious file activity detection for Microsoft Office 365.
Secureworks Cloud Configuration Review
Secureworks Cloud Configuration Review debuted in February to help customers detect configuration vulnerabilities, understand the business impact of critical risks, and address security and compliance issues around public cloud adoption. A partnership with VMware has helped address big cloud security challenges, including the exposure of critical assets due to misconfigurations and insider mistakes.
The service includes a customer workshop to understand a customer’s business context, multicloud footprint, security policies and compliance needs. From there, a Secureworks scan of Amazon Web Services and Microsoft Azure infrastructure with VMware Secure State technology assesses cloud configurations against proprietary best practices and regulatory compliance frameworks.
A review of VMware’s findings by Secureworks can provide customers with a visual understanding of security risks, recommendations for remediation action, and guidance on how to prioritize security controls. Customers receive 30-day access to VMware Secure State to improve understanding of cloud asset relationships and plan a remediation strategy in collaboration with other teams.
VMware Carbon Black Cloud Workload
VMware Carbon Black Cloud Workload was unveiled in September and delivers advanced protection to better secure modern workloads, reduce the attack surface and strengthen security posture. It combines vulnerability reporting and workload hardening with prevention, detection and response capabilities to protect workloads running in virtualized, private and hybrid cloud environments.
The product combines Carbon Black’s security expertise with VMware’s deep knowledge of data centers to build security into workloads. Carbon Black Cloud Workload helps security and infrastructure teams focus on the most high-risk vulnerabilities and common exploits across their environments, prioritizing based on the Common Vulnerability Scoring System, real-life exploitability and real-life attack frequency.
Carbon Black Cloud Workload protects workloads running in highly dynamic virtualized data center environments by combining vulnerability assessment and workload hardening with antivirus, workload behavioral monitoring and endpoint detection and response. The tool builds security risk visibility right into VMware vCenter, giving them the same visibility security operations have in Carbon Black Cloud.
Zix Secure Cloud
Zix combined the security and compliance offering from its 2019 acquisition of AppRiver with its own in April to create a single platform that safeguards digital communication tools. The company said it spent $20 million to develop Secure Cloud, which vastly improves upon a loose integration rolled out in July 2019 to make Zix’s intellectual property available to AppRiver partners.
A lot of work has been done at the application level to improve Secure Cloud’s advanced threat capabilities touching upon everything from sandboxing and messaging protection to integrations with SIEM (Security Information and Event Management) platforms. Up until now, Zix’s technology was mostly focused on protecting against phishing, malware and business email compromise (BEC) attacks.
Another new security feature with Secure Cloud is time of link click protection, meaning that a destination link in an email is scanned at the time the link is clicked to ensure there’s not malware on the site even if the email itself is from weeks or months earlier. Secure Cloud can also quarantine and remove a malicious attachment sent to multiple mailboxes in one fell swoop, according to the company.
Zscaler Cloud Protection
Zscaler Cloud Protection was unveiled in December to simplify and automate protection for workloads on and between any cloud platform. The platform minimizes attack surface and automates globally enforced security policies across organizations’ multi-cloud footprint, extending a zero-trust approach to cloud workloads.
By removing concerns around an organization’s attack surface and global policies across multiple clouds, Zscaler Cloud Protection can help customers accelerate their cloud strategies with confidence. The platform continuously ensures secure configuration and compliance of cloud platforms and eliminates lateral threat movement with identity-based micro-segmentation.
Zscaler Cloud Protection simplifies and secures app-to-app connectivity within and across clouds, and additionally secures access to cloud applications without exposing them to the internet. Zscaler leverages automation, understandable business-level policies and least privilege access for cloud migration to deliver a 90 percent reduction in security policies and cost cuts of 30 percent or more.