Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Palo Alto Networks adds cloud analytics with RedLock acquisition

It’s fair to say the cloud has become a core component of most organizations’ IT strategies. The growth of public cloud services — such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) — has been remarkable as application developers and IT professionals look to simplify the way they work and speed up deployment times.

As is the case with most things, however, for every yin there’s a yang. The cloud does have a dark side. In this case, it’s security. When I think of the effect the cloud has had on network and security teams, I’m reminded of the scene in Shakespeare’s Julius Caesar when Mark Antony shouts, “Cry ‘havoc!’, and let slip the dogs of war.”

Cry havoc indeed. The tight control IT used to have on the environment is now gone as public cloud services are largely dependent on the internet for transport, making workloads easier to breach than if they were in a tightly controlled data center. Some of the more common challenges when using public clouds include not having visibility across multiple clouds, lack of centralization, keeping up with compliance mandates, detecting threats and responding fast enough.

These problems have given rise to many security startups aimed at solving a piece of the cloud security puzzle. This, of course, introduces new challenges as securing the cloud requires some manual correlation of data, which can be slow, time-consuming and inaccurate and leads to gaps in coverage. Cloud security is much like a puzzle that hasn’t been put together. All the pieces are there, but it takes a lot of effort to get the full picture.

Palo Alto RedLock acquisition automates cloud security

Palo Alto Networks is trying to simplify the process of securing the cloud. Coming into 2018, the company had solid network and endpoint security products. In March, it added cloud security vendor Evident in a $300 million acquisition. Evident brought a rich set of cloud compliance capabilities to the Palo Alto platform.

This week, Palo Alto announced its intention to buy cloud threat defense vendor RedLock for $173 million. RedLock’s strength is its analytic and automation capabilities that help network and security teams replace manual inspection of network traffic with automated, real-time remediation.

RedLock’s products capture detailed events in all major public cloud platforms to quickly see and fix threats. The cloud vendor correlates resource configurations with network traffic and third-party feeds to expose vulnerabilities and identify compromised accounts and find insider threats via analysis of user behavior. The product then automates remediation by integrating into existing incident response workflows.

For example, if a developer accidentally leaked cloud access keys on a site such as GitHub, a hacker could steal them and break into the cloud environment using those keys. RedLock’s analytic engine would recognize the key was being used in a strange location to do unusual things and immediately alert the security team with a full history of activities associated with that key.

Analytics and security go hand in hand

I can’t overstate the importance of analytics in an organization’s security strategy. Simply too much data comes in from too many sources to be analyzed manually. Highly skilled network and security professionals might have been able to do things manually in the past, but today it’s just not possible. Analytics and automation should be viewed as an engineer’s best friend as it can greatly augment skill sets.

The addition of RedLock brings Palo Alto customers some benefit today. But, over time, the company plans to integrate the two platforms, creating a “1+1 = 3” scenario. The combination of Evident and RedLock brings the following capabilities to Palo Alto customers in a single platform:

  • Continuous discovery and inventory of public clouds via a centralized dashboard that shows assets across AWS, GCP and Azure across multiple accounts and regions;
  • Real-time compliance reporting for industry standards such as NIST, PCI, HIPAA, GDPR and CIS. Customers can access customized reports with a single click;
  • Ability to prioritize vulnerabilities, detect cloud threats and investigate incidents in minutes, as well as provide automated remediation of security, risks and policy violations across all major clouds.

Additionally, Palo Alto’s other products can be used to protect other parts of the cloud ecosystem. For example, its VM-Series products protect and segment cloud workloads, and Traps secures operating systems and applications within workloads.

Cloud security doesn’t have an “easy button” because it requires multiple products to protect the different areas of the cloud. The addition of RedLock brings rich analytic capabilities, enhancing Palo Alto’s already-robust cloud security portfolio that now offers protection and compliance across the entire public cloud journey.