As such, an agentless approach provides cybersecurity teams with a lightweight alternative to ascertain what data resides where without having to re-engineer application environments. Unfortunately, most IT teams don’t have a robust set of data management tools in place to identify what data resides where in the cloud. Understanding where to prioritize their efforts given the limited resources available is crucial because not all data has equal value. Cybercriminals now routinely scan cloud platforms for known vulnerabilities that are fairly easy for them to exploit.Ĭhronically short-staffed cybersecurity teams, of course, are still held responsible for cloud security. Few developers have deep cybersecurity expertise, so it’s no surprise that many cloud resources are misconfigured. Developers often programmatically provision infrastructure and deploy applications without any type of cybersecurity review. In general, public cloud infrastructure is more secure than on-premises IT environments, but from a cybersecurity perspective, the processes used to build and deploy applications in the cloud often leave a lot to be desired. That can be especially problematic when it’s discovered that sensitive data is being exfiltrated through a port on a cloud platform that has been inadvertently left open by an application developer.
The challenge that creates is that cybersecurity teams today don’t know for certain what data is residing where in the cloud.
#Data sets for cyber osquery software
The amount of data housed in the cloud has exploded in recent years as organizations have opted to rely on infrastructure and software managed by a third party on their behalf. Pricing for Normalyze is based on a freemium model as part of an effort to make the platform widely accessible.
The graph technology developed by Normalyze enables cybersecurity teams to identify all data stores, applications, identities and infrastructure resources and how they all connect across multiple clouds, he added.Ī scanner then uses machine learning algorithms to determine which data stores house sensitive information and automatically maps them to specific regulatory profiles such as the General Data Protection Rule (GDPR) or Healthcare Information Portability and Accountability Act (HIPAA), said Deeba.įinally, a prioritization engine identifies and ranks risk paths based on the sensitivity of the data and the impact an attack would have on the business, he noted.ĭeeba said cybersecurity teams can access this information via a single console and can also integrate the analytics surfaced by Normalyze with external notification, ticket creation and workflow tools to orchestrate their remediation efforts.
0 kommentar(er)
