Cloud Security Monitoring: Why Monitoring Cloud Services Alone Isn’t Enough

April 16, 2014

In today’s Whiteboard Wednesday, Lital Asher-Dotan, Senior Product Marketing Manager, will talk about cloud security monitoring and why monitoring cloud services alone isn’t enough.

Cloud security monitoring is very important in today’s business environment. As more and more employees use cloud services to help boost productivity, you, as a security professional, need to be aware of which cloud services your employees are using and whether any malicious or abnormal activity is happening on those services.

While monitoring cloud services is great, it is important to also monitor mobile and on-premises activity in conjunction with cloud services. Lital will give you a couple of examples of why this is important and how this added information will help you detect malicious activity that would otherwise go unnoticed.

Video Transcript

Hello and welcome to our Whiteboard Wednesday. My name is Lital Asher-Dotan, and I'm Senior Product Marketing Manager here at Rapid7. Today I'm going to talk to you about why cloud monitoring by itself is just not enough to secure your organization.


So I guess you are going to the Cloud like many of our other organizations that we're working with. We know that Cloud services provide a lot of productivity to your organization, it enables your organization to travel all over the world, and it's just so much easier for people to use and cost a lot of funding. But we know that in case you're going to the Cloud you have to secure it, you have to get good visibility to what people have been using, and then be able to protect it.

Well, that's the right way, and we at Rapid7 really believe that this is the right approach. However, we would like you to know that looking at the Cloud just by itself is not enough. Let me give you an example.

We have a lot of systems that would just provide you visibility to Cloud services and to where people authenticate to Cloud services from. So we'll give you John Doe as an example. John is a sales engineer in your organization. He is a remote employee that works from all over the world. He goes and meets with customers in Asia, in South Pacific, and in the Middle East. He would be all over the world authenticating to your network on a regular basis.

If you used a regular Cloud monitoring tool, you would be able to spot that right now John has been accessing Salesforce from Shanghai. This is probably looking like a very legitimate access to Salesforce. You know, John has been accessing Salesforce in so many places all over the world and he just did it from Asia a week ago.

But to give you a little bit more context, if you start looking at John's VPN logs, and at his mobile device, you would see that just at the same time, two minutes after accessing Salesforce, John is VPNing from a cafe in Boston, Massachusetts, and his mobile device is authenticating to ActiveSync from the same location, exactly in Boston. Well, once you have this perspective, does this Salesforce authentication still look legit? Well, to me it looks like a potential compromise. Maybe somebody is compromising his account and entering Salesforce from Shanghai.

Only if you are able to look at the user level, at his behavior across on-prem, mobile, and cloud services, can you spot these attacks on Cloud services that would otherwise look normal if you only look at the cloud and don't look at the whole environment in conjunction.

Thank you for joining us today. Hope to see you next week.
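The John Doe scenario from the transcript can be expressed as a per-user "impossible travel" check over merged authentication logs. The following is an added example, not part of the video or any Rapid7 product; the event fields, coordinates, timestamps and speed thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 1000.0  # assumed ceiling, roughly airliner speed
MIN_KM = 100.0    # assumed floor, ignores geo-IP jitter inside one metro area

@dataclass(frozen=True)
class AuthEvent:
    user: str
    source: str     # e.g. "salesforce", "vpn", "activesync"
    when: datetime  # assumed to be normalised to UTC
    place: str
    lat: float
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events, sources=None):
    """Return (earlier, later) consecutive pairs per user implying speed > MAX_KMH."""
    by_user = {}
    for e in sorted(events, key=lambda e: e.when):
        if sources is None or e.source in sources:
            by_user.setdefault(e.user, []).append(e)
    alerts = []
    for evs in by_user.values():
        for prev, cur in zip(evs, evs[1:]):
            km = km_between(prev, cur)
            # Clamp to one second so simultaneous events do not divide by zero.
            hours = max((cur.when - prev.when).total_seconds(), 1.0) / 3600
            if km >= MIN_KM and km / hours > MAX_KMH:
                alerts.append((prev, cur))
    return alerts

# Constructed sample events mirroring the transcript's scenario.
SHANGHAI, BOSTON = ("Shanghai", 31.23, 121.47), ("Boston", 42.36, -71.06)
EVENTS = [
    AuthEvent("jdoe", "salesforce", datetime(2014, 4, 9, 3, 0), *SHANGHAI),
    AuthEvent("jdoe", "salesforce", datetime(2014, 4, 16, 14, 0), *SHANGHAI),
    AuthEvent("jdoe", "vpn", datetime(2014, 4, 16, 14, 2), *BOSTON),
    AuthEvent("jdoe", "activesync", datetime(2014, 4, 16, 14, 2), *BOSTON),
]

if __name__ == "__main__":
    print("cloud only:", len(impossible_travel(EVENTS, {"salesforce"})), "alerts")
    for a, b in impossible_travel(EVENTS):
        print(f"{a.user}: {a.source}@{a.place} -> {b.source}@{b.place}")
```

Restricting the input to the cloud source yields no alerts, while the merged view flags the Shanghai Salesforce login against the Boston VPN session two minutes later.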
