Based in Menlo Park, CA, RedLock provides organizations with the most comprehensive view of their cloud infrastructure security posture. The platform automatically discovers cloud infrastructure changes via APIs and correlates configurations, user activities, and network traffic to build a dynamic network graph. RedLock then applies machine learning to generate risk models and further enriches them with data from external sources such as threat intelligence feeds, vulnerability scanners, and SIEMs. With this holistic view, RedLock is able to accurately quantify risk with a score and help organizations prioritize active threats. “Existing solutions on the market are missing key components such as network traffic analysis and external data source integration, creating blind spots. Moreover, our API-based approach provides greater scalability as compared to agent-based solutions,” notes Badhwar.
The RedLock platform is prepackaged with policies that adhere to security best practices for cloud workloads established by the Center for Internet Security (CIS), making policy management a simpler task. It also supports the creation of custom policies and continuously monitors for policy violations. The dashboards provide real-time visibility into the security and compliance posture of the cloud environment. The RedLock platform’s graph intelligence enables security teams to rapidly perform incident investigations.
With RedLock, security teams can automate cloud infrastructure security and keep pace with DevOps.
The network graph automatically highlights malicious activity, making it a breeze to prioritize active threats. Drilling down on the graph provides a view of time-serialized activity, enabling teams to view the history of changes and better understand the root cause of an incident. “Security teams can respond to risks by sending alerts, orchestrating policy, or performing auto-remediation,” states Badhwar.
In one of the implementation highlights, a number of development teams at a multinational software corporation were leveraging AWS for hosting critical applications. The client’s security team had no visibility into the cloud environment. The security team had built a custom application for Splunk, which ingested AWS VPC logs, but it was too cumbersome for them to correlate the massive volumes of data and extract actionable insights. Also, the sheer volume of the ingested logs significantly increased their Splunk costs. The security team was able to deploy RedLock in minutes. The platform immediately began collecting data from the environment to identify the types of workloads running in these environments, their related configurations, and corresponding risks. The client’s security team gained real-time visibility across the organization’s entire AWS environment, monitored for policy violations, and performed on-demand incident investigations to detect anomalous activity.
RedLock already has a number of patents pending and plans to continuously broaden the scope of the functionalities offered by its platform. “Our goal is to expand support from AWS, Azure, and Google Cloud Platform to additional public cloud platforms. We are also continuously adding new policy sets based on popular industry compliance mandates as well as integrating with additional external data sources,” concludes Badhwar.