CloudAware uses data from CMDB and IDS to show which servers are not protected.
Multilevel Threat Management
CloudAware Threat Center continuously processes security events from multiple sources. Events are correlated across inputs by source IP address, vulnerability type, username and host of other common attributes. Threat center detects coordinated attacks and suspicious activity regardless whether it is coming from inside or outside.
Any IDS will show you what hosts it is scanning, but CloudAware Federal Threat Center can actually show you which hosts have not been scanned or are not running IDS agents. This information is available to CloudAware Federal via its highly integrated CMDB module. CMDB contains information not only about what is installed and running on machines but also information about relationships between instances and applications. Threat center uses this relationship data to quickly map emerging threats against applications and environments.
Automated Scan Initiation
CloudAware has API integration with WhiteHat security and Tenable. Either on-demand or automatically when certain conditions have been met, CloudAware Federal can request either provider to scan the application. For example if new application is launched in production, CloudAware Federal user can configure an automatic workflow to kick off a WhiteHat scan as soon as the application is up and running.
Using CloudAware Federal deployment orchestration module, you can deploy IDS agents to 1000s of servers in a single day. CloudAware Federal supports technologies such as Puppet, Chef and Ansible and provides modules for its IDS agents for all of these configuration management tools.
Five Problems We Solve:
- 1Inability to correlate inside and outside attacks.
- 2Not knowing where gaps in security are.
- 3Inability to map quickly threats to applications.
- 4Detecting new cloud-level attacks.
- 5Taking too long to deploy IDS across the board.