
Intrusion Detection

Improve threat monitoring with meaningful security event metadata

Event Decoration

Traditional intrusion detection systems rely on IP addresses and hostnames to identify assets. This approach does not work well in multi-account and multi-cloud environments where there are VPCs with overlapping subnets. Cloudaware IDS pulls inventory data and unique identifiers such as instance ID from CMDB and then reconfigures a host-based IDS agent to apply labels and decorate every single event emanating from the host. All subsequent IDS events then contain relevant metadata about the host, such as tags, account IDs, account names, VPC names, etc.
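The following sketch is an added example, not Cloudaware code: it shows why an IP-keyed lookup is ambiguous when two VPCs share a subnet, and how labels resolved once by instance ID and attached at the host remove that ambiguity. The inventory records, field names and function names are assumptions made up for illustration.

```python
# Added illustration; inventory records, field names and events are constructed.
INVENTORY = [
    {"instance_id": "i-0aaa111", "private_ip": "10.0.1.15",
     "account_id": "111111111111", "account_name": "prod",
     "vpc_name": "prod-vpc", "tags": {"app": "billing"}},
    {"instance_id": "i-0bbb222", "private_ip": "10.0.1.15",  # same IP, other VPC
     "account_id": "222222222222", "account_name": "dev",
     "vpc_name": "dev-vpc", "tags": {"app": "sandbox"}},
]
LABEL_KEYS = ("instance_id", "account_id", "account_name", "vpc_name", "tags")


def candidates_by_ip(ip):
    """IP-keyed lookup: every asset that could have emitted the event."""
    return [r["instance_id"] for r in INVENTORY if r["private_ip"] == ip]


def agent_labels(instance_id):
    """Labels for one host, resolved by its unique instance ID."""
    matches = [r for r in INVENTORY if r["instance_id"] == instance_id]
    if len(matches) != 1:
        raise LookupError(f"expected one inventory record for {instance_id}")
    return {k: matches[0][k] for k in LABEL_KEYS}


def decorate(event, labels):
    """Attach host labels at the source; original event fields are untouched."""
    decorated = dict(event)
    decorated["host"] = dict(labels)
    return decorated


def resolve_asset(event):
    """Downstream triage: which instance(s) does this event point to?"""
    if "host" in event:
        return [event["host"]["instance_id"]]
    return candidates_by_ip(event["src_ip"])


if __name__ == "__main__":
    raw = {"rule": "ssh_bruteforce", "src_ip": "10.0.1.15"}  # constructed event
    print("undecorated:", resolve_asset(raw))
    labelled = decorate(raw, agent_labels("i-0bbb222"))
    print("decorated:  ", resolve_asset(labelled), labelled["host"]["vpc_name"])
```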


Examples


Unlike other solutions on the market, Cloudaware not only pulls the event data but also decorates it with important attributes from Amazon Web Services.

File Integrity Monitoring

Cloudaware IDS audits read and write access to application and operating system files. Each access attempt is assigned a score depending on the identity, type of access and outcome. File integrity monitoring is used to detect malware, rootkits, unauthorized software installations and irregular access or permission changes to sensitive data.

Combined with Intrusion Detection capabilities, FIM helps enterprises meet regulatory standards such as PCI, HIPAA, etc.


Containers Security

Cloudaware IDS monitors the behavior of Docker hosts and containers, detecting any threats, vulnerabilities and anomalies. This brings visibility into containers running in privileged mode, vulnerable applications, a shell running in a container, changes to persistent volumes or images, and other possible threats.

Cloudaware IDS has native integration with the Docker Engine. Cloudaware users can monitor images, volumes, network settings, and running containers.

