
Proactive Cloud Security Threats Detection and Response

Abstract

Security teams need a solution that scans your cloud network to proactively detect and respond to cloud security threats. See how Cyware addresses this issue.

Category: Network Security

Cyware Products Used

  • Cyware Fusion and Threat Response (CFTR)

  • Orchestrate (CO)

Third-party Integrations Used

  • AWS Cloud: Cloud computing solution to build, deploy, and manage web applications, websites, or processes.

  • Wiz: Cloud monitoring solution to provide direct visibility, risk prioritization, and remediation guidance for development teams to address risks in their own infrastructure and applications.

Problem Statement

Organizations use cloud services for many different solutions within their business. But with cloud computing comes the need for complete visibility into misconfigurations, vulnerability management, compliance monitoring, cloud security, and more.

Solution

Security teams need a solution that scans your cloud network to provide complete visibility. This includes analysis of misconfiguration, network exposure, vulnerabilities, sensitive data, and security risks. The alerts and information can be onboarded to a threat response solution to provide an effective and timely response to the threats before they are exploited.

[Figure: Proactively detect, prioritize, and respond to cloud security threats]

How do we solve this problem?

  1. Retrieve Latest Alerts: The playbook starts by retrieving the latest alerts from the Wiz cloud security monitoring platform and formats the essential data from each alert. You can also configure the cloud security monitoring platform of your choice to perform the detection.

  2. Retrieve Machine Details: The playbook queries the cloud service provider for more details about the machine and applications identified in the alert. The information from the cloud service provider is combined with the alert details to add context to the alert.

  3. Create Incident: The playbook onboards the details of the alert to a new CFTR incident. The incident contains the alert details and the machine details retrieved from the cloud service provider.

  4. Update Impacted Assets: The playbook searches for the impacted assets in CFTR using the machine ID and connects the findings with the incident.

  5. Ready for Investigation: The details of the incidents are available on CFTR to be taken over by security analysts for manual investigations and closure.
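An added illustration of steps 1 to 4 of the playbook above, written for this page and not Cyware's or Wiz's own code. The alert fields, the cloud inventory and the CFTR asset store are constructed stand-ins (their names are assumptions); in a real playbook each dictionary lookup would be a Wiz, AWS or CFTR API call. It also shows the two edge cases an analyst would want flagged: the alert names a machine the provider no longer knows, or one that is not yet registered as an asset.

```python
from dataclasses import dataclass, field

# Constructed sample Wiz-style alert; the field names are assumptions, not the Wiz schema.
SAMPLE_ALERT = {
    "id": "alert-0001",
    "severity": "HIGH",
    "title": "Internet-exposed VM with critical vulnerability",
    "resource": {"type": "VIRTUAL_MACHINE", "externalId": "i-0abc123"},
}
# Constructed stand-in for the cloud provider inventory (a real playbook would call the AWS API here).
CLOUD_INVENTORY = {
    "i-0abc123": {"name": "web-01", "vpc": "vpc-1", "public_ip": "203.0.113.10", "env": "prod"},
}
# Constructed stand-in for the CFTR asset store, keyed by machine ID.
CFTR_ASSETS = {"i-0abc123": {"asset_id": "A-42", "owner": "web-team"}}

@dataclass
class Incident:
    title: str
    severity: str
    alert_id: str
    machine_id: str
    machine: "dict | None"  # step 2 enrichment; None when the provider knows no such machine
    linked_assets: list = field(default_factory=list)
    tags: list = field(default_factory=list)

def extract_alert(alert):
    """Step 1: keep only the fields the incident needs; refuse alerts that name no machine."""
    machine_id = alert.get("resource", {}).get("externalId")
    if not machine_id:
        raise ValueError(f"alert {alert.get('id')} names no machine; nothing to enrich")
    return {"alert_id": alert["id"], "severity": alert["severity"],
            "title": alert["title"], "machine_id": machine_id}

def run_playbook(alert, inventory=CLOUD_INVENTORY, asset_store=CFTR_ASSETS):
    """Steps 1-4: extract, enrich with machine details, create the incident, link assets."""
    essentials = extract_alert(alert)
    machine = inventory.get(essentials["machine_id"])    # step 2: cloud provider lookup
    incident = Incident(machine=machine, **essentials)   # step 3: onboard as a CFTR-style incident
    if machine is None:
        # The instance may already be terminated; onboard anyway and flag it for the analyst.
        incident.tags.append("machine-not-found")
    elif machine.get("public_ip"):
        incident.tags.append("internet-exposed")
    asset = asset_store.get(essentials["machine_id"])    # step 4: correlate with known assets
    if asset:
        incident.linked_assets.append(asset["asset_id"])
    else:
        incident.tags.append("asset-not-in-cftr")
    return incident
```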

Benefits

Complete Visibility and Risk Protection

The solution gives you a view into your cloud infrastructure and lets security teams focus on the risk. Additionally, security teams can further prioritize and mitigate the risk at the source.

Streamline Incident Onboarding Process

Security teams can automatically gather data from cloud monitoring solutions, perform enrichment, and automatically onboard incidents for investigation. This streamlines the process by removing the need for a human to notice the relevant security data, identify it as a security incident, and manually set up an incident in the system.

Faster Detection and Response Times

Cyberattacks on cloud solutions can cause severe damage to an organization's data and intellectual property. Hence, an automated playbook plays an important role in countering the threat at machine speed instead of relying on slower, manual processes.