Understanding Secure Cloud Analytics
Cisco Secure Cloud Analytics is a SaaS-based network detection and response (NDR) offering that gives CISOs more confidence in their ongoing journey into the cloud. The solution is built to protect public cloud resources and provides comprehensive visibility into public cloud traffic. It is a true multicloud solution and can ingest native telemetry from Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). It can also detect threats in encrypted traffic without decrypting or actively inspecting packet payloads. Figure 8-35 illustrates the inclusion of Cloud Insights into Cisco SecureX.
Figure 8-35 Cloud Insights in Cisco SecureX
Secure Cloud Analytics is a highly flexible event viewer that offers a wealth of information about your business’s cloud deployment, resource configuration, alignment to industry standards and regulations, and much more. Here is a breakdown of how these features will help your business:
• Encourage collaboration through simple reporting on cloud security posture: Secure Cloud Analytics enables your DevOps and SecOps groups to work cohesively, as one team, by closing a gap that often exists between these functions. Your SecOps team is focused on threat hunting and protecting the business; it must monitor the network for alerts and address suspicious behavior in a timely manner. DevOps is responsible for implementing code changes and configuring cloud resources but often lacks visibility into what SecOps is discovering about the network. The event viewer allows the SecOps team to identify vulnerabilities, gather critical information about configurations in the cloud, and deliver that information to DevOps so that proper adjustments are made and cloud workloads stay secure. Integrated with Cisco SecureX and other third-party platforms, Secure Cloud Analytics makes it easier for teams to communicate their findings and make adjustments in the public cloud.
• Maintain compliance and meet standards unique to your industry: No single team is solely responsible for ensuring compliance or meeting segmentation rules; however, these features enable teams to find and share information about public cloud traffic easily. The event viewer allows users to monitor cloud posture as it relates to various industry best practices. Users can investigate all cloud accounts and be alerted on those that are not compliant with industry standards such as PCI DSS, HIPAA, and the CIS Benchmarks, or with custom internal policies. Robust filtering and query searches allow the user to zero in on the misconfigured or vulnerable assets that cause a compliance concern.
• Seamlessly monitor and protect your public cloud resources: The bread and butter of Secure Cloud Analytics is its ability to classify your network devices and cloud resources and monitor their behavior to detect threats. This process is known as dynamic entity modeling. Upon deployment, Secure Cloud Analytics starts to establish a baseline of learned "normal" behavior for each entity. While it does provide some alerts out of the box, the most powerful alerts are triggered once it has learned the network and observes a deviation from the behavioral norm. It automatically groups your cloud resources into roles such as EC2 instances, S3 buckets, AWS load balancers, and more. It generates alerts like Geographically Unusual Azure API Usage and AWS Lambda Invocation Spike, which flag activity that departs from the learned baseline and can indicate misuse of cloud credentials or services, in contrast to the static posture checks described above. One caveat that applies to any learned baseline: an entity that is already compromised or misbehaving when monitoring begins will have that behavior absorbed into its "normal," so the learning period should be reviewed against other evidence rather than trusted blindly.
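The following Python example, added here to illustrate the baselining idea behind alerts such as "AWS Lambda Invocation Spike" and "Geographically Unusual ... API Usage", is not Cisco's code and does not reproduce Secure Cloud Analytics' actual models. It learns, per principal, the hourly Invoke rate and the set of countries seen during a 24-hour learning window from constructed CloudTrail-like records, then flags later hours that exceed a rate threshold or call the API from a country never seen before. The record shape, the principal ARN, the `geo` field (standing in for an upstream geolocation of `sourceIPAddress`), and the threshold rule are all assumptions of this example.

```python
"""Behavioural baselining over constructed CloudTrail-style events.

Illustrative example only (not Cisco's dynamic entity modeling code).
Learn what is "normal" per entity during a learning window, then flag
deviations: an invocation-rate spike and API use from a new country.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)      # constructed start time
LEARN_HOURS = 24
LEARN_END = T0 + timedelta(hours=LEARN_HOURS)

def make_record(ts, principal, name, geo):
    """A CloudTrail-like record reduced to the fields this example needs.
    'geo' is assumed to be a country code enriched upstream from sourceIPAddress."""
    return {"eventTime": ts, "principal": principal, "eventName": name, "geo": geo}

def make_events():
    """Constructed telemetry: 24 learning hours of steady Invoke traffic from
    one principal, followed by two hours that deviate in different ways."""
    arn = "arn:aws:iam::123456789012:role/order-processor"   # constructed ARN
    events = []
    for h in range(LEARN_HOURS):
        for i in range(10):                                  # 10 Invokes per hour
            events.append(make_record(T0 + timedelta(hours=h, minutes=i), arn, "Invoke", "US"))
    # Hour 24: 80 Invokes in one hour from the usual country -> rate spike
    for i in range(80):
        events.append(make_record(T0 + timedelta(hours=24, seconds=i), arn, "Invoke", "US"))
    # Hour 25: normal volume, but three calls from a never-seen country
    for i in range(10):
        events.append(make_record(T0 + timedelta(hours=25, minutes=i), arn, "Invoke", "US"))
    for i in range(3):
        events.append(make_record(T0 + timedelta(hours=25, minutes=30 + i), arn, "Invoke", "RU"))
    return events

def hour_bucket(ts):
    return ts.replace(minute=0, second=0, microsecond=0)

def build_baseline(events, learn_end):
    """Per principal: mean/stdev of hourly Invoke counts and the set of
    countries observed, using only events before learn_end. Hours with no
    activity are not represented in the series (an accepted simplification)."""
    counts = defaultdict(lambda: defaultdict(int))
    geos = defaultdict(set)
    for e in events:
        if e["eventTime"] >= learn_end:
            continue
        geos[e["principal"]].add(e["geo"])
        if e["eventName"] == "Invoke":
            counts[e["principal"]][hour_bucket(e["eventTime"])] += 1
    baseline = {}
    for p, hours in counts.items():
        series = list(hours.values())
        baseline[p] = {"mean": mean(series), "stdev": pstdev(series), "geos": geos[p]}
    return baseline

def detect(events, baseline, learn_end, k=3.0):
    """Score post-learning hours against the baseline. Returns a list of
    (principal, hour, alert_type, detail) tuples."""
    counts = defaultdict(lambda: defaultdict(int))
    new_geo = defaultdict(lambda: defaultdict(set))
    for e in events:
        if e["eventTime"] < learn_end:
            continue
        b = hour_bucket(e["eventTime"])
        if e["eventName"] == "Invoke":
            counts[e["principal"]][b] += 1
        base = baseline.get(e["principal"])
        if base is not None and e["geo"] not in base["geos"]:
            new_geo[e["principal"]][b].add(e["geo"])
    alerts = []
    for p, hours in counts.items():
        base = baseline.get(p)
        if base is None:
            alerts.append((p, None, "new_entity", "no learned baseline for this principal"))
            continue
        # Floor the threshold at 2x mean: with near-zero variance, mean + k*stdev
        # alone would fire on a single extra call.
        threshold = max(base["mean"] + k * base["stdev"], 2 * base["mean"])
        for b, n in sorted(hours.items()):
            if n > threshold:
                alerts.append((p, b, "invocation_spike", f"{n} Invokes vs threshold {threshold:.1f}"))
            for g in sorted(new_geo[p][b]):
                alerts.append((p, b, "unusual_geo", f"API use from {g}; baseline {sorted(base['geos'])}"))
    return alerts

def run_example():
    events = make_events()
    return detect(events, build_baseline(events, LEARN_END), LEARN_END)

if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

Run as a script it prints two alerts: an invocation spike for the first post-learning hour and an unusual-geo alert for the second. Note the design choice in `detect`: the threshold is floored at twice the learned mean because a perfectly regular learning window has zero variance, and a pure mean-plus-k-sigma rule would then alert on a single extra call.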