The 7 Hottest Cloud Security Products At RSA Conference
From identifying unsecured AWS S3 buckets and centrally managing EC2 instances to preventing risks around new SaaS applications, here’s a look at seven products that mitigate cloud security threats.
Head In The Clouds
Vendors attending the 2021 RSA Conference have rolled out products that secure sensitive data across Amazon Web Services, Microsoft Azure and Google Cloud; centrally manage AWS EC2 instances; and identify and remediate risks in the AWS ecosystem such as unsecured S3 buckets.
The investments, though, go well beyond the public cloud. Companies are hard at work discovering and preventing risks around thousands of new SaaS applications; continuously aggregating, assessing, and scoring cloud-based threats; and visualizing and prioritizing their biggest cloud risks to proactively reduce their blast radius.
From authenticating users in the cloud to providing privileged access management capabilities around AWS to controlling access to applications and sensitive data in the cloud, here’s a look at what seven major players are doing to address cloud security challenges and threats at RSA Conference 2021.
Thales Data Protection For Multicloud Environments
Thales’ new data protection offerings for Google Cloud, Microsoft Azure and Amazon Web Services allow organizations to bring their own security to the cloud and solve big challenges around discovering critical data, reducing operational complexity, and ensuring data sovereignty. The offering allows clients to maintain control of their encryption keys and manage access and authentication in the cloud.
Thales Data Discovery and Classification now automates the discovery, classification, and protection of data in AWS S3 buckets and Azure Blob storage through encryption or tokenization. The company now encrypts Kubernetes secrets and Google Anthos Service Mesh signing keys, and leverages CipherTrust Transparent Encryption access controls to protect data in AWS S3 buckets.
Thales is also offering CipherTrust Cloud Key Manager support for Google Cloud’s External Key Manager, making it easier for customers to manage more encryption keys across multicloud environments. Plus SafeNet Trusted Access now integrates out of the box with Google Workspace, Azure and AWS to enforce appropriate access controls and authentication for privileged and regular users.
ThycoticCentrify Cloud Provider Solution
ThycoticCentrify’s new cloud provider solution centrally manages Amazon Web Services billing accounts, identity and access management (IAM) accounts, and AWS EC2 instances in real time. It extends a set of existing privileged access management capabilities to automate continuous discovery of all AWS EC2 instances, providing full visibility of instances even in elastic auto-scaling groups.
AWS root/billing accounts are vaulted for emergency access only, ThycoticCentrify said, and interactive access to AWS Accounts via the AWS Management Console, AWS CLI, SDKs, and APIs is controlled. AWS IAM accounts and associated Access Keys are eliminated or vaulted to reduce the attack surface, with SAML-based federated single sign-on providing a more secure and lower maintenance alternative.
Continuous EC2 discovery and post-discovery automations allow for complete and accurate visibility, ensuring that EC2 instances and their privileged accounts are immediately secured and brought under centralized management. ThycoticCentrify’s cloud provider solution is initially available for AWS and will soon be extended to Microsoft Azure and other cloud provider platforms.
Varonis DatAdvantage Cloud
Varonis DatAdvantage Cloud visualizes and prioritizes security risk, allowing organizations to see and prioritize their biggest cloud risks, proactively reduce their blast radius, and conduct faster cross-cloud investigations. It correlates identities with privileges and activities across cloud stores, including Amazon Web Services, Box, GitHub, Google Drive, Jira, Okta, Salesforce, Slack and Zoom.
DatAdvantage Cloud provides a clear view of permissions across an organization’s cloud services with recommendations to eliminate excessive, inappropriate, or unused privileges. It prevents cloud account takeovers, insider threats, and inadvertent policy violations with cross-cloud auditing and alerts on suspicious activity and policy violations.
Cloud events can be normalized and enriched with DatAdvantage Cloud to allow security analysts to investigate incidents cross-cloud without having to craft complex, service-specific queries, Varonis said. DatAdvantage Cloud can also automatically link accounts across disparate cloud services to form a single identity while easily uncovering over-privileged shadow accounts both human and non-human.
CrowdStrike Falcon Horizon
New features in Falcon Horizon leverage CrowdStrike’s powerful telemetry to deliver indicators of attack for the cloud control plane and provide DevOps tools for faster detection and remediation. The new capabilities include continuous threat detection, monitoring and correlation across cloud and on-premises environments to help security teams cut through the noise of a multi-cloud environment.
Falcon Horizon’s new CrowdStrike Confidence Scoring continuously aggregates, assesses and scores cloud control plane threats and changes in configuration to accurately identify malicious activity. The scores help security teams prioritize the most urgent threats, allowing them to identify, understand and act against critical threat activity and avoid sifting through inconsequential alerts.
Falcon Horizon enables faster integration and remediation with organizations’ DevOps and collaboration tools, seamlessly onboarding new cloud accounts through CrowdStrike’s API. The offering also provides simplified management and security policy enforcement from a single console, eliminating blind spots, preventing security incidents, and ensuring application availability for any cloud.
Palo Alto Networks SaaS Security
Palo Alto Networks SaaS Security is a cloud access security broker (CASB) that proactively protects both on-premises and cloud-hosted applications. It automatically discovers and prevents risks with thousands of new Software as a Service applications before they become a problem, according to the company.
Continuous identification, categorization, and granular risk-based control of known and previously unknown SaaS applications is provided through App-ID technology, ensuring new applications are discovered automatically as they become popular. Palo Alto Networks SaaS security integrates natively into the company’s hardware as well as its next-generation firewalls.
Meanwhile, Palo Alto Networks Cloud Identity Engine is designed to consistently authenticate and authorize users regardless of location and where user identity stores live. This empowers organizations to move toward a Zero Trust strategy and provides them with access to applications and data in the cloud, on-premises, or in a hybrid model.
Blumira AWS Security Monitoring
Blumira has launched Amazon Web Services security monitoring into its cloud security platform, giving customers greater visibility and control over the security of their entire technology stack. The company’s monitoring of AWS GuardDuty, CloudTrail and VPC Flow Logs helps users easily identify and remediate risks like publicly exposed S3 buckets that can result in data leakage and compliance violations.
The company’s technology monitors attack patterns, analyzes billions of events for malicious activity, and surfaces contextual data needed to reduce the noise, time and manual effort spent on investigation. This enables small IT and security teams to quickly respond to indicators of an attack in progress such as account changes, potential malware infection, and abnormal cloud infrastructure behavior, Blumira said.
In addition to AWS, Blumira’s cloud security monitoring and reporting tool integrates across both on-premises and cloud services like Microsoft Office 365, Azure and Google Workspace (formerly G Suite). Blumira said it protects against cloud threats such as attacker login attempts, data leakage, device malware, and other malicious behavior that could result in a ransomware infection or data breach.
SecurID G&L Cloud
SecurID Governance and Lifecycle Cloud will deliver capabilities from the cloud that allow the world’s most security-sensitive organizations to work dynamically, accelerate innovation, and advance zero trust security. The offering allows firms to gain visibility, insights and control over access to all applications, systems and data, answering who has access to what, how they got access, and why they need it.
The offering provides day-to-day operational and management support of the cloud-hosted platform, freeing up customer resources to focus on their core business. With SecurID G&L Cloud, customers avoid the cost and time of building out their own IT infrastructure to support identity governance and administration and save on operational costs through a managed offering.
The SecurID team takes responsibility for management tasks with G&L Cloud such as upgrades, maintenance, and patches; monitoring access reviews and collections; and reporting and dashboards. Other enhancements to SecurID G&L, including Docker deployment support, make it easier to implement the product in the cloud.