Last updated Monday, 20 November 2023, 17:22:21 GMT

It's that time of year again! AWS re:Invent, Amazon Web Services' annual mega-conference, will soon kick off in Las Vegas, and there are sure to be a ton of new cloud security innovations unveiled throughout the week. From a Rapid7 perspective, we're launching an exciting new capability - Cloud Anomaly Detection.

Now available in early access for Rapid7 customers, Cloud Anomaly Detection helps security teams detect unknown threats in their cloud environments that traditional rule-based detections miss, and does so with more precision to avoid excess noise and false positives.

Using AI to Find the Needle in the Haystack

Detecting malicious activity in cloud environments poses a formidable challenge in cybersecurity due to the inherent speed and complexity of the cloud. Cloud infrastructure is dynamic, with constantly changing virtual assets, which makes it hard to pinpoint and respond to threats effectively. The complexity of cloud configurations, the ephemeral nature of assets, and the vast volume of data generated can obscure malicious activities, requiring advanced monitoring and analysis tools.

Additionally, the unique cloud threat landscape, the different dynamics of detection and response compared to traditional IT environments, and the multiplicity of stakeholders involved further complicate the security landscape. Cloud incident investigations are often hindered by inefficient data access and a lack of context for affected cloud assets. This complexity, combined with a skills gap and the ongoing transition to cloud technologies, makes cloud security particularly challenging.

For some time now, Rapid7 customers have benefited from the ability to ingest native threat detections from cloud providers and consolidate them into a single place. Cloud Anomaly Detection represents a significant leap forward, adding native threat detections fueled by Rapid7's proprietary AI detection engine, which analyzes control plane API activity and surfaces anomalous behavior across customers' cloud environments. When combined with deep, real-time understanding of the environment, the platform allows security teams to respond to threats quickly and with the context needed to determine root cause and potential impact.

Taming the Noise Associated with Anomaly Detection

One of the persistent challenges that comes with attempting to detect anomalous user and entity behavior is that it can often produce a significant amount of excess noise, typically accompanied by a large number of false positives. This is due in large part to the complexity and rate of change that we outlined earlier. Not only is the overall composition of the environment constantly changing, but the way users and services interact with each other is constantly changing in kind. Often security teams are faced with a tradeoff between casting a wide net and dealing with the inevitable situation of chasing down benign activity, or honing in further and risking actually malicious activity going undetected.

Rapid7's Cloud Anomaly Detection connects to your cloud environment - without the need for an agent - to monitor API activity by analyzing audit logs, creating activity profiles for each cloud principal, such as users, machines, storage buckets, and more. What sets this engine apart is its ability to automatically search for behavioral anomalies and prioritize potential risks in less than 10 minutes based on historical data. Importantly, the engine is calibrated to reduce false positive alerts by focusing on detecting malicious activity without relying on specific pre-configured attack indicators. It also considers the context of suspicious activity, taking into account recent actions by the same principal and adapting automatically to changes in overall activity profiles and in the cloud environment.

Integrating Cloud Threat Detection into SOC Workflows

When talking with SOC analysts, one of the things that became crystal clear to the team here at Rapid7 early on in the development process was the desire to consolidate threat detection and response activities into the existing workflows teams had in place today, including the SIEM/XDR tools that the SOC teams relied on (and had already made significant investment in). Integrating cloud threat detections, both native and third-party, into your current SOC workflows involves making the cloud threat findings themselves, as well as the context needed to enrich those findings with all relevant environment details, accessible through an API for easy ingestion into SIEM/XDR tools.

To that end, we've ensured teams can easily send detections from Cloud Anomaly Detection via API into whatever tools they're using today. The Cloud Context Enrichment API, released earlier this year, provides extensive data related to cloud assets: insights, misconfigurations, vulnerabilities, risks, and more, accelerating investigations and improving the efficiency of security operations. The combination of Cloud Anomaly Detection and Cloud Context Enrichment ensures SOC teams have the tools needed to incorporate cloud into their existing detection and response workflows.

Interested in learning more? Come see us at AWS re:Invent!

We'll be showcasing Cloud Anomaly Detection at AWS re:Invent, so if you're there, be sure to stop by booth #1270 and check it out!