Uptycs, a leading cloud-native security analytics platform, recently launched new cloud detection and response (CDR) functionality to help organizations detect and remediate malicious activity and attacks against cloud infrastructure. In AWS environments, the new CDR functions help organizations identify harmful activity such as discovery, privilege escalation, and data exfiltration.
Andre Rall, Director of Cloud Security at Uptycs, said, “Threat actors today have become cloud experts. Their tactics and techniques are evolving quicker than most want to believe. When (not if) a threat actor steals credentials to your cloud environment, time is of the essence to detect their activity before they achieve their goal. The new CDR function in Uptycs evens the playing field for defenders, giving them automated expertise so they can detect and respond to these sophisticated threats.”
Before achieving their objective, whether that is data theft, the installation of coin-mining software, or the distribution of ransomware, attackers holding cloud credentials usually first need to learn about the environment and leverage the privileges they hold. Their activity is routinely logged as they move through the environment and conduct reconnaissance, but identifying the malicious behavior requires someone with cloud security knowledge to review the timeline of events. The new Uptycs CDR capabilities automate that analysis and notify cloud security teams of attacks in progress.
Uptycs CDR detections correlate discrete events and raise an alert only when the combination indicates a high probability of malicious behavior, which keeps false alarms down. For instance, Uptycs combines the following series of events into a single privilege escalation detection:

- The attacker uses the CLI to retrieve information about the user whose credentials they have stolen.
- The attacker lists the user's policies and the number of versions associated with each policy.
- The attacker retrieves details of an earlier policy version that carries more rights.
- The attacker escalates their level of access by reverting to that earlier, higher-privileged policy version.
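Each step in that sequence is a successful IAM API call, and each one appears in CloudTrail as its own record (GetUser, ListAttachedUserPolicies or ListPolicyVersions, GetPolicyVersion, SetDefaultPolicyVersion). Seen individually these calls are routine administration; the signal is the ordered chain from one principal in a short window. The following is an added illustration, not Uptycs code and not a description of how its detection is implemented: a small correlator that groups CloudTrail-style records by access key and emits one detection when the full chain completes in order. The record shape follows CloudTrail's standard fields; the sample records, account id, access key id and the 30-minute window are constructed for the example.

```python
"""Correlate IAM CloudTrail events into one policy-version-rollback detection.

Added example, not Uptycs code. Record fields follow CloudTrail's schema
(eventTime, eventSource, eventName, userIdentity, requestParameters); the
sample records, account id, access key and 30-minute window are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ordered stages of the chain described above. Each stage is the set of real
# IAM API names (CloudTrail eventName values) that satisfy it.
STAGES = [
    {"GetUser"},                                            # identify the user
    {"ListUserPolicies", "ListAttachedUserPolicies",
     "ListPolicyVersions"},                                 # enumerate policies
    {"GetPolicyVersion"},                                   # inspect an older version
    {"SetDefaultPolicyVersion"},                            # revert to it
]
WINDOW = timedelta(minutes=30)  # assumed tuning value, not from the article


def _ts(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _actor(rec):
    # Group on the access key that made the call, falling back to the ARN.
    ident = rec.get("userIdentity", {})
    return ident.get("accessKeyId") or ident.get("arn", "unknown")


def detect_policy_rollback(records):
    """Return one detection per actor whose successful IAM calls complete all
    STAGES in order within WINDOW. Partial or out-of-order chains do not alert,
    so a lone GetUser or a routine SetDefaultPolicyVersion stays quiet."""
    by_actor = defaultdict(list)
    for rec in records:
        # Only successful IAM calls; a denied call carries an errorCode.
        if rec.get("eventSource") == "iam.amazonaws.com" and "errorCode" not in rec:
            by_actor[_actor(rec)].append(rec)

    detections = []
    for actor, events in by_actor.items():
        events.sort(key=_ts)
        stage, chain, start = 0, [], None
        for rec in events:
            if start is not None and _ts(rec) - start > WINDOW:
                stage, chain, start = 0, [], None  # window expired, start over
            if rec["eventName"] in STAGES[stage]:
                if stage == 0:
                    start = _ts(rec)
                chain.append(rec)
                stage += 1
                if stage == len(STAGES):
                    final = chain[-1]
                    detections.append({
                        "actor": actor,
                        "policy": final["requestParameters"]["policyArn"],
                        "version": final["requestParameters"]["versionId"],
                        "events": [c["eventName"] for c in chain],
                        "first_seen": chain[0]["eventTime"],
                        "last_seen": final["eventTime"],
                    })
                    stage, chain, start = 0, [], None


    return detections


def _rec(time, name, key, params=None):
    # Helper to build a constructed CloudTrail-style record.
    return {
        "eventTime": time, "eventSource": "iam.amazonaws.com", "eventName": name,
        "userIdentity": {"accessKeyId": key,
                         "arn": "arn:aws:iam::111122223333:user/dev-user"},
        "requestParameters": params,
    }


POLICY = "arn:aws:iam::111122223333:policy/dev-policy"  # constructed
SAMPLE_EVENTS = [  # constructed records, not real logs
    # Stolen key: the full chain, ending in a rollback to version v1.
    _rec("2023-06-01T10:00:05Z", "GetUser", "AKIAIOSFODNN7EXAMPLE"),
    _rec("2023-06-01T10:00:09Z", "ListAttachedUserPolicies", "AKIAIOSFODNN7EXAMPLE"),
    _rec("2023-06-01T10:00:12Z", "ListPolicyVersions", "AKIAIOSFODNN7EXAMPLE",
         {"policyArn": POLICY}),
    _rec("2023-06-01T10:00:20Z", "GetPolicyVersion", "AKIAIOSFODNN7EXAMPLE",
         {"policyArn": POLICY, "versionId": "v1"}),
    _rec("2023-06-01T10:00:31Z", "SetDefaultPolicyVersion", "AKIAIOSFODNN7EXAMPLE",
         {"policyArn": POLICY, "versionId": "v1"}),
    # Legitimate admin: looks around but never reverts a policy.
    _rec("2023-06-01T10:05:00Z", "GetUser", "AKIAI44QH8DHBEXAMPLE"),
    _rec("2023-06-01T10:05:04Z", "ListPolicyVersions", "AKIAI44QH8DHBEXAMPLE",
         {"policyArn": POLICY}),
    # Deployment pipeline: sets a default version with no preceding discovery.
    _rec("2023-06-01T10:07:00Z", "SetDefaultPolicyVersion", "AKIAPIPELINEEXAMPLE",
         {"policyArn": POLICY, "versionId": "v3"}),
]

if __name__ == "__main__":
    for det in detect_policy_rollback(SAMPLE_EVENTS):
        print(det)
```

Running the block reports a single detection for the first access key and nothing for the other two, which is the point of correlating rather than alerting on each call. In practice the window and the set of discovery calls are tuning decisions, and a denied SetDefaultPolicyVersion (present in CloudTrail with an errorCode) is worth tracking as its own, separate signal.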
Ganesh Pai, Co-Founder and CEO at Uptycs, said, “Detection and response capabilities are essential to reducing risk and securing cloud infrastructure. Our vision is to enable companies to innovate with cloud-native applications in a secure manner. That means securing the entire cloud-native application lifecycle, from the point where the code is written on developers’ laptops to the application workload run in the cloud. CDR plays a critical role, providing security teams with the ability to quickly detect stealthy attacks against cloud infrastructure as they unfold.”