In the world of cybersecurity where information holds the keys to the kingdom, there is no shortage of data generated by numerous security tools. However, there arguably remains a lack of information. Security professionals often refer to information as ‘Actionable Intelligence’ or ‘Context’. Those engaged in the trenches of cyber warfare would appreciate a more nuanced view which states that Context is the catalyst that converts Data into Intelligence. Context helps answer important questions such as How, What, Where, When and Who, and also more advanced questions such as So What and What Next, to get to the root cause and aid remediation. While context may be an easy concept to grasp, execution remains challenging.
With that context (pun intended) I am pleased to announce the launch of Cisco Secure Cloud Insights in partnership with JupiterOne. Secure Cloud Insights brings fresh and powerful capabilities to the SecureX portfolio, including comprehensive public cloud inventory and insights, relationship mapping to navigate cloud-based entities and access rights, and security compliance reporting. This new offering extends beyond traditional cloud security posture management and will enable Cisco’s security customers to effectively manage risk and reduce the attack surface of their cloud-native processes and applications.
Cisco has witnessed organizations on their digital transformation journeys grappling with IT sprawl and struggling to gain visibility into their cyber universe. Cloud Insights addresses this very pain point by tracking and normalizing data across multi-cloud and hybrid environments. Cloud Insights provides a knowledge graph of consolidated metadata pertaining to configurations, access policies, settings, tags, rules, and more that govern interaction between entities. Entities encompass users, roles, groups, policies, databases, datastores, devices, code repositories, storage buckets (e.g., AWS S3), cloud compute instances (e.g., AWS EC2), containers, functions, etc. APIs ingest this data from approximately fifty pre-defined integrations covering public cloud environments, vulnerability scanners, endpoint protection and network security tools, development and code repositories, identity providers, and more. Custom integrations are also supported using SDKs and webhooks.
Figure 1: Visualization of the graph database
While the graph database of mapped interactions is one of the key pillars of Cloud Insights, the other pillar is the ease with which this rich data can be queried. A simple plain language search maps to over 550 pre-built queries, with the option to create custom queries. Queries, singly or in combination, form the basis of all outcomes, be they alerts, summary dashboards, or compliance reports. By querying against this comprehensive relationship graph, tremendous opportunities and use cases become available. Cloud Insights uses this rich context to determine an organization’s security posture, including Cloud Security Posture Management, and reduces exposure by reporting compliance gaps, thereby promoting effective cyber governance and attack surface management.
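To make the relationship-graph idea concrete, here is a small added example (not Cloud Insights or JupiterOne code, and not its query language): a constructed inventory of users, roles, policies and buckets is loaded into an adjacency list, and two queries are run over it: which buckets a principal can reach through chained role assumptions, and which buckets are posture findings (public, or tagged as PII with the principals who can reach them). All entity names are placeholders.

```python
from collections import defaultdict
# Constructed inventory edges (source, relationship, target); names are placeholders.
EDGES = [
    ("user:alice", "ASSUMES", "role:DataReader"),
    ("user:bob", "ASSUMES", "role:DeployBot"),
    ("role:DeployBot", "ASSUMES", "role:Admin"),  # role chaining
    ("role:DataReader", "HAS", "policy:ReadCustomerData"),
    ("role:Admin", "HAS", "policy:FullAccess"),
    ("policy:ReadCustomerData", "ALLOWS", "bucket:customer-data"),
    ("policy:FullAccess", "ALLOWS", "bucket:customer-data"),
    ("policy:FullAccess", "ALLOWS", "bucket:build-artifacts"),
]
# Constructed configuration metadata attached to the bucket entities.
BUCKETS = {
    "bucket:customer-data": {"public": False, "tag": "pii"},
    "bucket:build-artifacts": {"public": True, "tag": ""},
}

def build_graph(edges):
    graph = defaultdict(list)  # node -> [(relationship, neighbour), ...]
    for src, rel, dst in edges:
        graph[src].append((rel, dst))
    return graph

def reachable_buckets(graph, principal):
    """Bucket -> path, following ASSUMES/HAS/ALLOWS edges transitively."""
    found, seen, stack = {}, set(), [(principal, [principal])]
    while stack:
        node, path = stack.pop()
        if node in seen:  # guards against cyclic trust relationships
            continue
        seen.add(node)
        for rel, nxt in graph.get(node, []):
            if nxt.startswith("bucket:"):
                found.setdefault(nxt, path + [rel, nxt])
            else:
                stack.append((nxt, path + [rel, nxt]))
    return found

def compliance_gaps(graph, buckets, principals):
    """Posture findings: misconfigured buckets plus who can reach PII data."""
    access = {p: reachable_buckets(graph, p) for p in principals}
    gaps = []
    for bucket, props in buckets.items():
        if props["public"]:
            gaps.append((bucket, "public"))
        if props["tag"] == "pii":
            who = sorted(p for p in principals if bucket in access[p])
            gaps.append((bucket, "pii reachable by " + ", ".join(who)))
    return gaps
```

The returned path for user:bob shows the indirect route via role:DeployBot and role:Admin, which is the kind of relationship a flat inventory listing would not reveal.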
With this introduction to Secure Cloud Insights, let us examine how the service fits in an organization’s security apparatus. We are experiencing a coming together of security outcomes that serve various stakeholders, be it Security Operations, Development Operations, Application Security, Cloud Architects, or Identity and Data protection processes.
Figure 2: Interaction between various cloud-native security functions
While SecOps starts on the left with security posture and attack surface management as its entry point, DevOps starts at the far right with the continuous integration and continuous delivery (CI/CD) pipeline and application/API security as its main concern. As SecOps moves right and begins to influence the other stakeholders within a mature organization, DevOps shifts left to include pre-deploy checks by using runtime security inputs. Due to this evolution in operations, tooling is needed to provide end-to-end coverage, no matter who the buying center or user is in an organization. Cloud Insights is thus positioned to provide contextual visibility that encompasses and enhances observability across the entire organization.
It is for this reason that we have integrated Cloud Insights with Cisco’s security platform SecureX and intend to have it play a bigger role as a context wrapper for numerous other Cisco security services. Early research suggests force multiplier effects through interactions with SecureX’s Device Insights, and a symbiotic relationship with Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud). While Secure Cloud Insights connects the dots, Secure Cloud Analytics baselines behavior by analyzing traffic flowing between those dots. Integrated together, they can surface relationship-based and anomaly-based threat vectors. The market has also shown early interest in this powerful duo’s interaction with other Cisco Secure properties such as Portshift and Kenna. With this partnership, Cisco has strengthened its position to serve our customers’ cloud native and hybrid IT security needs. It has also strengthened the Cloud component in Cisco’s SecureX Platform, as seen in the figure below.
Figure 3: Inclusion of Cloud Insights to Cisco SecureX
Source: cisco.com