RedLock, the Cloud Threat Defense company, today announced a new series of enhanced capabilities designed specifically to help customers of Microsoft Azure—the cloud computing service for building, testing, deploying and managing applications and services—achieve greater continuous security and compliance across their environments. Just as organizations can only deliver on the true promise of cloud computing when they gain a holistic view of potential risks without impeding DevOps, which is the topline benefit provided by the RedLock Cloud 360 platform, a fully automated approach to the overall discipline is crucial. The newest enhancements for Microsoft Azure go further than ever before in this area, such as by featuring automated remediation, which greatly reduces the window of exposure.
“It’s always been our mission at RedLock to accelerate digital business through optimal management of security and compliance risks across public cloud environments,” said Ankur Shah, VP of Products at RedLock. “Given the dynamic nature of these environments, security and compliance automation is necessary to keep pace. We’re delighted to be here at Microsoft Ignite 2018, and proud to bring these cloud security innovations to the Microsoft Azure community.”
The latest advances in the RedLock 360 Platform include:
Automated remediation: The only way to keep pace with DevOps is with a fully automated approach to security and compliance. The RedLock Cloud 360 platform ensures this high level of functionality by not only enabling continuous monitoring of risks but also with the automated remediation of issues.
This is a major advantage: When a misconfiguration occurs, organizations need instant remediation in order to reduce the window of opportunity for malicious actors. For example, if the system identifies a publicly accessible Network Security Group associated with a sensitive workload, RedLock can automatically restrict access. And in addition to automated remediation of alerts for the default policies in the RedLock Cloud 360 platform, organizations can also write custom remediation rules tailored to meet their specific needs. This self-healing ability enables organizations to ensure that their ‘gold standard’ security and compliance policies are always enforced.
Holistic Threat Defense: Through the latest enhancements, RedLock consumes flow logs for network security groups across multiple regions in Azure. As a result, Azure customers can now monitor their entire environment in a ‘single pane of glass’. This level of holistic visibility better enables enterprises to detect advanced threats such as cryptojacking. By leveraging additional information about the size of the network traffic in the flow logs, RedLock can also help customers gain insights into potential data exfiltration attempts.
Advanced User Behavioral Analytics: Enhancements to the machine learning algorithms in the RedLock Cloud 360 platform now enable advanced user behavioral analytics, which ensures that Microsoft Azure customers can more effectively detect problems such as account compromises, brute force logins, and insider threats. The platform also generates a full audit trail of user and privileged activities, which allows organizations to craft policies that mitigate these risks.
Comprehensive Compliance: While the RedLock Cloud 360 platform has always provided the highest level of compliance capabilities, the new enhancements add to the list of standards supported. The coverage is now rounded out to include predefined policies for CIS, NIST CSF, PCI DSS, HIPAA, SOC 2, and GDPR. The platform generates a real-time asset inventory and continuously assesses compliance across all assets in a given environment. Auditors can verify the compliance posture of an organization’s public cloud environment with one-click reporting.
“Microsoft is committed to ensuring the highest level of security for Azure customers and offers in-depth defense through built-in controls and partner solutions,” said Adwait Joshi, director, product marketing, Microsoft Azure at Microsoft Corp. “The newest advances from RedLock will enable enhanced protection for workloads migrating to cloud and help their resources stay secure and compliant.”