
Cloud Monitoring

Businesses and organizations are shifting more and more of their services and capabilities to the cloud, taking advantage of the economies of scale generated by the offered cloud services: Software (SaaS), Platform (PaaS), and Infrastructure as a Service (IaaS). As the cloud footprint of small to large-scale enterprises increases, customers’ cloud workloads need to be protected from emerging security threats. Data breaches, credential stuffing or account hijacking, code injection into insecure APIs, system vulnerabilities, malicious insiders, and resource abuse are some of them, requiring cloud-specific incident response plans. But obtaining visibility of threats and risks across these cloud service models still remains a foundational step for many organizations today.

 

Benefits

To address the security challenges of cloud monitoring and effectively counter risks and non-compliance issues in containers of IaaS resources or PaaS deployments, organizations need new solutions and approaches. Yet they may not always be able to afford the investment cost of 24×7 on-premise monitoring or to hire threat experts with cloud expertise. Obrela’s Managed Detection and Response (MDR) service can instead support real-time monitoring and analysis of event data from industry-known cloud platforms, enhancing cloud security with threat intelligence and threat detection capabilities. Cloud monitoring, integrated with our MDR solution, provides enterprises with a turnkey threat detection and response service that significantly reduces the mean time to detect and respond to attacks in their cloud services.

 

Key Features

Obrela’s Managed Detection and Response (MDR) service combines collective intelligence practices and methods with leading-edge security analytics and sophisticated risk management technology to identify, analyze, predict and prevent cyber-security threats in real time. Threat detection analytics, an integral part of the MDR service, collect and analyze structured and unstructured security-related data from multiple cloud log sources (IaaS, PaaS, SaaS), generating valuable intelligence on new, emerging and advanced security threats. Obrela’s SOC, also an integral part of the MDR service, is staffed by threat analysts with cloud expertise. It provides 24×7 monitoring and incident escalation as soon as a threat is validated, giving customers MITRE-like recommendations for fast and effective security incident response.

Obrela’s cloud monitoring capabilities include:

  • Active Directory & Identity Management monitoring: the directory service is considered the most significant part of the security perimeter for every organization in the cloud. Obrela’s threat detection analytics collect Active Directory (sign-in, audit) events to analyze authentication and application access management activities, and to identify suspicious login attempts by location, brute-force login attempts and escalation of privileges, in correlation with cloud-native identity protection alerts.
  • IaaS monitoring: collected security and telemetry events of virtual machines, storage, networking and other resources are monitored for unauthorized access, malware activity, inadvertent actions and suspicious administrators’ actions, but also for availability. Monitored traffic on internal network zones and internet-facing interfaces is enhanced with threat intelligence to identify external attackers at any stage of their kill chain.
  • PaaS monitoring: as enterprises use or develop cloud-native applications, Obrela’s Threat Analytics identify non-compliance or risks on top of unauthorized access, insecure configurations, or malware activity. Cloud-native security alerts or vulnerability insights enhance threat intelligence with additional state information.
  • Azure monitoring: integrate Azure log sources into Obrela’s MDR service on multiple layers, including IaaS resources per tenant/subscription, Azure Active Directory, Identity Protection, Activity and Security Center alerts, Cloud App Security alerts, Azure Advanced Threat Protection deployments, network interfaces, web application firewalls and more.
  • AWS monitoring: integrate into Obrela’s MDR service IaaS resources on the Elastic Compute Service stack (EC2), EBS, CloudWatch, CloudTrail, AWS Directory Service, and other PaaS deployments on AWS.
  • Office365 monitoring: as a widely used cloud application suite that receives business-critical data and operations, o365 is another big data silo through which Obrela’s Threat Analytics identify in real time threats of unauthorized access, suspicious administrators’ actions, massive mail deletion, access to other mailbox accounts, changes in Exchange policies, suspicious file transfers and more. Native security alerts, malware activity or other indicators enhance security intelligence with additional state information to prevent early data loss or leakage hits.

 

Obrela Factor

Obrela’s Threat Detection Analytics enable advanced and in-depth analysis of large amounts of log data from multiple cloud log sources, leveraging threat intelligence, expert rules and advanced security analytics algorithms to reveal abnormal or suspicious behavior and patterns. Alert management capabilities enhance 24×7 monitoring to detect threats as soon as possible, triggering meaningful alerts and security response procedures.

Our clients are offered the advantage of fast integration with Obrela’s MDR service and day-one visibility of security threats in their cloud environment. On top of this, clients can build customized processes and procedures for risk compliance and incident response plans.

 

If you are interested in a quote, please email or give us a call at +44 (0) 203 397 8723
