Only 56 percent of security alerts are investigated, and more than half of those are not remediated, according to the Cisco 2017 Annual Cybersecurity Report. Responding to these alerts is an overwhelming job, and most organizations do not have the security staff to keep up. Companies of all sizes face the challenge of securing their public cloud environments as well as their on-premises infrastructure.
Adding effective security measures for public cloud workloads—with solutions that can reduce the number of false positives—is a critical task. However, the public cloud infrastructure differs from an on-premises infrastructure. A public cloud offers fewer network monitoring capabilities even as it undergoes a very high change rate in assets. To provide effective security while reducing the number of false positives, a new approach is necessary.
Imagine that an employee’s cloud credentials are compromised, through phishing or another method. Can you tell if that employee begins logging in from another country? Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) provides the actionable security intelligence and visibility necessary to identify these kinds of malicious activities in real time. You can quickly respond before a security incident becomes a devastating breach.
● Gain actionable intelligence through visibility of your environment, from the private network to the public cloud
● Rapidly detect advanced threats and indicators of compromise
● Grow your security with your business while lowering operational overhead
● Greatly reduce false positives with higher fidelity alerts supported by underlying observations
● Attain a stronger security posture across the enterprise, including the public cloud
With Secure Cloud Analytics, you can detect external and internal threats across your environment, from the private network to the branch office to the public cloud. Secure Cloud Analytics is a Software-as-a-Service (SaaS) solution delivered from the cloud. It is easy to try, easy to buy, and simple to operate and maintain. When data is received, it requires very little additional configuration or device classification. All the analysis is automated.
Threats are constantly evolving. To detect tomorrow’s attacks, you need security that keeps ahead of them. Secure Cloud Analytics uses a behavior-modeling approach that detects a threat based on how it acts on the network. For example, if a domain controller begins to transfer data using the File Transfer Protocol (FTP), that is likely to be the first sign of a compromise. Secure Cloud Analytics detects this behavior in real time and alerts you to it.
Using dynamic learning, Secure Cloud Analytics creates a model—a kind of simulation—for each device and network entity. This model is able to:
● Dynamically determine the role of an entity based on its behavior and then detect activities inconsistent with that role
● Identify anomalies and sudden changes in behavior, both in data transmission and in access characteristics
● Detect when an entity acts differently than similar devices do
● Identify when an entity violates organizational policies, including protocol and port use, device and resource profile characteristics, and blacklisted communications
● Predict host or device behavior based on past activities, and assess observed behavior against those predictions
With these capabilities, Secure Cloud Analytics allows your staff to spend more time remediating issues instead of wasting time manually analyzing log data to determine their cause.
As organizations move more IT resources to the public cloud, they need the visibility necessary to detect threat actors targeting their cloud assets. In addition, they need an easy-to-use, operationally efficient solution. Secure Cloud Analytics’s Public Cloud Monitoring provides the visibility and threat detection capabilities you need to keep your workloads highly secure in Amazon Web Services (AWS) and Microsoft Azure environments.
It consumes all sources of telemetry native to AWS, including Amazon Virtual Private Cloud (VPC) flow logs, to monitor all activity in the cloud without the need for software agents. Secure Cloud Analytics can be deployed in these environments in a matter of minutes with no disruption to service availability.
Secure Cloud Analytics uses this data to model the behavior of each cloud resource, a method called entity modeling. It is then able to detect sudden changes in behavior, malicious activity, and signs of compromise.
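As a simplified illustration of this kind of behavioral baselining (an added example, not Cisco's algorithm or product code), the following sketch learns which services each source address normally uses from default-format VPC flow log records and reports a new one, using the domain-controller-over-FTP case mentioned earlier. The sample records, addresses, and the lower-port-is-the-service heuristic are assumptions made for the example.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse(line):
    """Return a dict for an OK record, or None for NODATA/SKIPDATA/malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[-1] != "OK":
        return None
    rec = dict(zip(FIELDS, parts))
    for key in ("srcport", "dstport", "protocol", "bytes"):
        rec[key] = int(rec[key])
    return rec

def client_flows(lines):
    """Yield accepted flows the source initiated. Heuristic (assumption): the
    lower port is the service port, so reply traffic is skipped."""
    for rec in filter(None, map(parse, lines)):
        if rec["action"] == "ACCEPT" and rec["dstport"] < rec["srcport"]:
            yield rec

def build_baseline(lines):
    """Learn, per source address, the (protocol, dstport) services it normally uses."""
    baseline = defaultdict(set)
    for rec in client_flows(lines):
        baseline[rec["srcaddr"]].add((rec["protocol"], rec["dstport"]))
    return baseline

def detect(baseline, lines):
    """Report flows to a service never seen before from an already-modelled entity."""
    return [(r["srcaddr"], r["dstaddr"], r["protocol"], r["dstport"], r["bytes"])
            for r in client_flows(lines)
            if r["srcaddr"] in baseline
            and (r["protocol"], r["dstport"]) not in baseline[r["srcaddr"]]]

# Constructed sample records: 10.0.0.10 plays the domain controller.
P = "2 123456789012 eni-0example "
T = " 1700000000 1700000060 "
NODATA = P + "- - - - - - -" + T + "- NODATA"
LEARN = [P + "10.0.0.10 10.0.0.2 49152 53 17 4 320" + T + "ACCEPT OK",
         P + "10.0.0.10 10.0.0.11 49153 389 6 10 1400" + T + "ACCEPT OK",
         P + "10.0.0.10 10.0.0.11 50000 88 6 8 900" + T + "ACCEPT OK"]
OBSERVE = [P + "10.0.0.10 10.0.0.11 49160 389 6 12 1500" + T + "ACCEPT OK",   # known
           P + "10.0.0.10 10.0.0.30 389 51000 6 9 1100" + T + "ACCEPT OK",    # reply
           NODATA,                                                            # no traffic
           P + "10.0.0.10 203.0.113.7 49170 21 6 4000 5242880" + T + "ACCEPT OK"]  # FTP

if __name__ == "__main__":
    for alert in detect(build_baseline(LEARN), OBSERVE):
        print("new service for entity:", alert)
```

A production model would also weigh data volume, peer-group behavior, and time of day; this sketch covers only the "new service for a known entity" observation.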
In addition to securing the cloud environment, Secure Cloud Analytics can also be extended to the private network with Cisco Secure Network Analytics SaaS (formerly Stealthwatch Cloud Private Network Monitoring) to provide hybrid environment visibility and threat detection using a single dashboard. The number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization. So, with Secure Cloud Analytics, organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments.
Try Secure Cloud Analytics today with a free, no-risk trial.
To learn more, go to https://www.cisco.com/go/secure-cloud-analytics or contact your local Cisco account representative.