All the cloud security elements, orchestrated in one, cloud-based system
By providing continuous, real-time visibility, control and remediation, Coronet SecureCloud ensures that only trusted users, using trusted devices, connecting through trusted networks to trusted cloud services can access corporate data.
SecureCloud eliminates the need for on-site installation, enabling implementation in minutes without the complexity of legacy security integration, and at a fraction of the cost.
Coronet SecureCloud is the first solution to bring all the essential elements of cloud security into a single, cloud-based system. But what are the elements of cloud security? What elements are covered (and not covered) by other products? Isn’t an access gateway or a CASB enough to secure your cloud operations? To ease your research, we compare SecureCloud below, in detail, with other key security products that cover only partial aspects of cloud security.
In order to detect threats that put corporate data and reputation at risk, all the relevant activities along the cloud security chain should be monitored and analyzed. To make this assessment actionable, it should be performed in the proper context of user identities, security posture of the devices they use, networks they connect to and service properties.
User activities such as services used, specific periods of time, location, etc.
Group memberships in Active Directory (AD), responsibilities within the organization, etc.
What information could be shared by the user, with what user groups, and at what permission levels (view only, edit, etc.)
Settings that may put the device at risk or make it susceptible to vulnerabilities. For example: no password protection, no disk encryption, device rooting, etc.
Downloads of sensitive data to the device, connections to unsanctioned networks, installs of apps with known vulnerabilities, etc.
Region, country, concrete geo-location, etc.
Which networks are used: Wi-Fi/cellular, usage patterns (office, at home)
Open/secured, what type of security (WEP, WPA, EAP).
Geo-location of specific wireless networks
Network routing path across IP network
What would be the impact of a breach or data loss. For example, if it’s AWS IaaS, potential attack results may be devastating.
Activities within the service. For example, in AWS, spinning up an EC2 instance or creating an S3 bucket.
Password complexity, MFA, open ports, public access to sensitive data, excessive privileges, etc.
Continuously monitored security posture and activities are automatically analyzed by SecureCloud for non-compliance, threats, and potential risks. The necessary remediation actions are automatically taken in real time, at the right place of the security chain.
In terms of cloud security functionality and its automation, SecureCloud offers a complete solution that eliminates the need for multi-system integrations.
Control access to cloud services approved by the organization.
Control access to services deployed on-premises
Control access to corporate data, ACL, permissions (r/w), etc.
NAC-style control to corporate wireless networks
NAC-style control to public wireless networks
Access control, based on the context (location, time of day, network used for communication, etc.)
Control access to one domain, based on combined assessment of others. For example, restrict access to specific services based on device vulnerabilities or network posture.
Spot anomalies in user behavior based on what has been profiled as normative (e.g., abnormal access to high-risk or sensitive objects, abnormal number of activities, requests in a short time frame, activity from terminated user accounts, dormant accounts, etc.)
Spot anomalies in device behavior based on what was profiled as normative (e.g., unusual data exchange patterns, battery consumption, etc.)
Suspicious change of location, security type, routing patterns.
Suspicious access patterns such as services that haven’t been accessed in the past, unusual access sequences, etc.
Mass downloads within short time frames, suspicious data deletion, privileged data access misuse, etc.
Spot a user’s anomalous behavior and force authentication session expiration to coerce sign-in.
Unusual actions that require administrative permissions (disable MFA, open non-standard ports, make storage accessible to everyone, etc.)
Examine files stored in sanctioned cloud storage services for potential malware. Analyze multiple file dimensions to detect unauthorized encryption.
Profile and analyze access and usage patterns across several cloud services to detect cross-service threats
Detection of in-network attacks such as IP spoofing, ARP poisoning, and malicious proxies.
Network-in-the-middle attacks (evil twin, PNL honeypots, compromised captive portals). Traffic interception, attempts to steal encryption keys and certificates.
Downloads of confidential data from a corporate drive to a mobile device, where it could be further shared with personal accounts or might be stolen
Who can share what with whom
Open ports that could be used to connect and steal data (e.g., connection to unprotected database to make queries)
Detection and prevention of regulated data exposure, and standards compliance (PCI, HIPAA, etc.)
Assessment of settings that may put the device at risk.
Detection of suspicious and malicious wireless networks in the vicinity of users and facilities.
Assessment of cloud services vulnerabilities based on the existing settings and advised improvements.
Automatic remediation and governance actions such as disconnect from network, suspend user, require sign-in, require password change, stop sharing, file quarantine, and block access to corporate networks.
Geo-locations used in protection rules
The capability to define areas where the user will not be able to get services (e.g., foreign countries), to reduce the attack surface
Drive compliant behaviour by advising which networks could be used safely and are compliant with organizational policies, as well as enabling different levels of enforcement actions, such as disconnect from service once, disconnect permanently, etc.