MDR FOR CLOUD SECURITY
You're in the cloud.
We're all-in to protect you.
We protect your cloud with 24/7 Managed Detection and Response, Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWPP) and Cloud-Native Application Protection Platform (CNAPP). eSentire MDR for Cloud experts provide seamless monitoring, scanning and control over your cloud environments and applications, delivering unmatched visibility, multi-signal correlation and complete protection from cloud-specific threats.
To cIG - A Risk is A Risk
On-Premises. In The Cloud. Hybrid. We're All-In To Protect You.
It's important to have a comprehensive cloud security solution no matter your environment. Securing your cloud environment requires both configuration and runtime protection to be successful.
That's why cIG has brought together 24/7 MDR for Cloud, Cloud Security Posture Management, and Cloud-Native Application Protection Platform.
We detect, investigate and respond to threats specific to multi-cloud environments leveraging our cloud-native XDR platform, proprietary MITRE ATT&CK mapped detections, and our 24/7 Security Operations Centers (SOCs) staffed with Elite Threat Hunters and experienced Cyber Analysts.
We eliminate the risk of critical cloud misconfigurations by providing continuous cloud visibility, configuration management, asset tracking, and mapping to compliance frameworks including PCI, HIPAA and CIS. Gain comprehensive visibility across your cloud infrastructure with anomaly-based threat detection and proactive, prioritized cloud threat response.
We gain visibility into all portions of your cloud environment to implement build-to-run-time security. You can leverage configuration hardening, agentless workload protection of virtual machines and containers, and vulnerability assessment functionality. We also curtail user privileges and over-permissive cloud entitlements to keep your identities safe and secure.
Our MDR for Cloud provides:
24/7 Cloud Visibility, Threat Detection, Investigation and Prioritized Remediation Recommendations & Support
Managed Vulnerability Scanning Across Your Multi-Cloud Environment
Actionable Insight and Data Correlation From Your Cloud Escalations
24/7 Workload Security (Virtual Machines, Containers and Kubernetes)
Proactive Elite Threat Hunting Expertise
24/7 Security Posture Management (Cloud and Kubernetes)
Threat Response Unit (TRU) Proprietary Novel Detections
Real-time deep-packet inspection of VPC traffic in AWS and response action with industry-leading firewalls
The Challenge
Threat actors commonly try to remove important security controls like multi-factor authentication (MFA) to gain or maintain access to a user account they have targeted.
Detection
24/7 SOC Cyber Analysts are alerted via Azure Sentinel whenever MFA requirements are removed and follow a proprietary run book to streamline the investigation process.
Response
A sudden change in MFA requirements is very unusual and a potential indicator of compromise. With the right context established and our XDR platform’s direct integration with Azure AD, our analyst can suspend the credentials of the user who removed the MFA policy, minimizing the risk of any other important security policies being tampered with.
The Challenge
Cloud infrastructure providers like GCP give customers significant control over the geographic region in which their data is stored. Threat actors can use this to their advantage as a means of evading detection, by creating cloud instances in geographic service regions the organization does not normally use.
Detection
cIG has a proprietary GCP detector and investigative runbook designed to regularly scan for cloud administrative activity in typically unused GCP regions and our 24/7 SOC Cyber Analysts are alerted if such activity is identified.
Response
Our analysts would alert you and confirm whether the activity is expected. If it is not, SOC analysts would recommend that the user's credentials be suspended, perform further investigative work to determine whether any other malicious admin activity occurred, and find the initial intrusion source.
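The region-based check described above, as an added illustration rather than cIG's proprietary detector: it learns the regions an organization normally administers from a history window, then flags administrative API calls in any other region. The event records, principal names and method list are constructed for the example and do not follow the real GCP Cloud Audit Log schema.

```python
"""Added illustration, not cIG's own GCP detector: flag administrative API
calls in cloud regions an organization does not normally use. The event format
is a constructed stand-in, not the real GCP Cloud Audit Log schema."""
from collections import Counter

# API methods that create or change infrastructure; read-only methods
# such as *.list or *.get are deliberately excluded to limit noise.
ADMIN_METHODS = {"compute.instances.insert", "compute.instances.setMetadata",
                 "compute.firewalls.insert", "iam.serviceAccounts.create"}

# Constructed history: a month of normal admin activity confined to two regions.
HISTORY = [
    {"ts": "2024-03-01T08:00:00Z", "principal": "alice@example.com",
     "method": "compute.instances.insert", "region": "us-central1"},
    {"ts": "2024-03-05T09:30:00Z", "principal": "bob@example.com",
     "method": "compute.firewalls.insert", "region": "us-east1"},
    {"ts": "2024-03-12T14:15:00Z", "principal": "alice@example.com",
     "method": "compute.instances.setMetadata", "region": "us-central1"},
    {"ts": "2024-03-20T11:00:00Z", "principal": "bob@example.com",
     "method": "compute.instances.insert", "region": "us-east1"},
]

# Constructed new events to scan: one instance created in a never-used region,
# one read-only call in a never-used region, and one normal insert.
NEW_EVENTS = [
    {"ts": "2024-04-02T03:12:00Z", "principal": "svc-build@example.com",
     "method": "compute.instances.insert", "region": "asia-south1"},
    {"ts": "2024-04-02T03:13:00Z", "principal": "alice@example.com",
     "method": "compute.instances.list", "region": "europe-west1"},
    {"ts": "2024-04-02T10:00:00Z", "principal": "alice@example.com",
     "method": "compute.instances.insert", "region": "us-central1"},
]

def baseline_regions(events, min_events=2):
    """Regions with at least min_events admin calls in the history window."""
    counts = Counter(e["region"] for e in events if e["method"] in ADMIN_METHODS)
    return {region for region, n in counts.items() if n >= min_events}

def find_unused_region_activity(events, expected_regions):
    """Admin calls outside the expected regions, oldest first, for analyst triage."""
    hits = [e for e in events
            if e["method"] in ADMIN_METHODS and e["region"] not in expected_regions]
    return sorted(hits, key=lambda e: e["ts"])

if __name__ == "__main__":
    for hit in find_unused_region_activity(NEW_EVENTS, baseline_regions(HISTORY)):
        print(f"{hit['ts']} {hit['principal']} {hit['method']} in {hit['region']}")
```

The flagged principal and region are the starting point for the confirmation step the page describes: an analyst checks with the customer whether the activity was expected before recommending credential suspension.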
The Challenge
Many in-house security teams don’t have visibility across their AWS network traffic, which means they can’t monitor potential cyber threats across their full AWS environment.
Detection
Through cIG MDR for Network for AWS, we leverage native AWS traffic mirroring to perform deep packet inspection using signature- and behavior-based detections, drawing on both industry-standard commercial detections and proprietary detections developed by our TRU team.
Response
Our analysts respond to threats in the cloud network at three different levels depending on the permissions granted: we send an email alert with instructions for your security team, perform a TCP-RST at the VPC level, and/or respond at the firewall level via an API integration.
Ready to Get Started?
See How We Can Secure Your Assets
Let's talk about how cIG can solve your cybersecurity needs. Give us a call or submit your information below and our representative will be in touch to help you build a more resilient security operation today.
Call Us On: +267 - 74657500 | Email: info@cyberintrustionguard.com