It’s Time to Bring Together Cloud Compliance and Security Analytics

Today we announced our intent to acquire RedLock, a cloud threat defense company whose technology will add comprehensive asset discovery and automated threat detection and remediation to our public cloud security offering. As a result, SecOps and DevOps teams will get the strength of leading compliance capabilities and cloud analytics from one source: Palo Alto Networks.

Pain points in the public cloud

Talk to enough organizations migrating to public cloud and you start to hear some familiar stories:

• “We don’t have visibility across the whole multi-cloud environment, and even if we do, it’s not centralized.”
• “It’s a complex process to manage compliance, especially in multi-cloud environments. How do I keep up with NIST, GDPR and all of the others?”
• “We can’t detect and respond to threats fast enough in our multi-cloud environment.”

We are solving many of these common challenges today, and expect that by early next year we will deliver a combined offering that will include the deep cloud security and compliance monitoring capabilities from Evident and RedLock’s security analytics and advanced threat detection capabilities.

What RedLock adds

RedLock captures detailed events from multiple public cloud platforms to identify and remediate threats. This enables RedLock to correlate resource configurations, network traffic, and third-party feeds to identify threats and vulnerabilities as well as identify compromised accounts and insider threats by analyzing user behavior. Remediation is then automated by integrating with existing incident response workflows.

What does that look like in the real world? Say, for example, that a developer accidentally leaks cloud access keys on a well-known forum such as Github, and that as a result of this, a hacker attempts to login to the cloud environment using those keys. RedLock’s fast analytics detect that the key is being used in an unusual location to perform an unusual activity – and immediately alerts the SOC team, with a full history of all activities associated with that key.

As another example, say a user creates a security group within an organization, but accidentally leaves it open. RedLock will discover it, see that it is associated with a VM running MongoDB, and determine that the database is receiving Internet traffic from a known malicious IP address. What happens next is the database is automatically moved to a private security group – remediating the risk.

Combining Palo Alto Networks, Evident and RedLock means we can provide the most robust security offering for the public cloud, including the following:

• Continuous discovery and inventory of public cloud resources, we provide centralized visibility to assets across multiple cloud providers -- including Amazon Web Services, Microsoft Azure and Google Cloud Platform – multiple accounts and multiple regions.
• Compliance reporting for industry standards such as NIST, PCI, HIPAA, GDPR and CIS is one click – and customized.
• Ability to prioritize vulnerabilities, detect cloud threats and investigate incidents in minutes or less, and provide automated remediation of security risks and policy violations across entire public cloud deployments.

We’re excited to add RedLock’s technology to our cloud security offering and also welcome to Palo Alto Networks a very talented team with a deep bench of cloud expertise. We expect to begin integration immediately after the acquisition’s close.

For more information, visit our announcement page.

Hear what RedLock co-founder Varun Badhwar and Palo Alto Networks Chief Product Officer Lee Klarich have to say in this video: