Dome9 makes use of Amazon cloud serverless technologies including Kinesis and Athena to deliver a security capability to help detect advanced cloud threats.
Security startup Dome9 announced its new Magellan service on Nov. 22, providing organizations with context-aware security capabilities for cloud deployments.
The Magellan service is a new module in Dome9’s Arc cloud security platform that provides cloud configuration analysis capabilities. With Magellan, Dome9 is now adding context awareness, derived from enriched log data and threat analysis, to help organizations detect attacks.
“With Magellan, we’re connecting time-based data, whether it’s network flows or user audits, to the knowledge we have on cloud configuration,” Zohar Alon, CEO of Dome9, told eWEEK. “Trying to find out what is bad in a public cloud is very different from how traditional network intrusion technologies work.”
Dome9 is using Magellan to help its customers consume Amazon Web Services (AWS) network and audit logs into a threat intelligence system, Alon said. Those logs are enriched by Dome9 with the configuration knowledge to help provide a more complete analysis of what is occurring in a given cloud environment.
“We can turn a very benign, simple-looking log entry into a chapter of a story,” he said.
For example, Alon said Magellan would know when an AWS Lambda function triggered a connection to a storage bucket or a database. He added that Dome9’s threat intelligence analyzes the data based on known threats and malicious indicators of compromise.
Serverless
As a cloud-native vendor, Dome9 is making use of AWS tools to deliver and power the Magellan service. Among the services that Magellan uses are AWS CloudWatch logs, which provide network monitoring capabilities. Alon explained that Magellan takes the CloudWatch logs and feeds them to the AWS Athena serverless query service. In addition, the Dome9 Magellan service makes use of the AWS Kinesis data streaming service to send the data to Athena for processing.
“We use Athena as our main data processing system, since it’s a very powerful next-generation solution that is very efficient from a cost perspective,” Alon said. “So we’re using the Amazon Big Data processing platform.”
Going a step beyond just identifying cloud threats, Alon emphasized that the overall purpose of the Dome9 Arc platform, of which Magellan is a part, is to help automatically mitigate risks.
“Our solution is an active solution that can change permissions on the fly to prevent users from doing bad things that they did not intend to do,” he said. “This is a critical part of our DNA.”
Providing a fully automated platform for cloud configuration risk mitigation is not a trivial task, with some organizations still worried about potential false-positives. Alon said that with Web Application Firewalls (WAF) and other security technologies, many organizations deployed the technology in monitor-only mode. With the increased potential for data breaches from cloud breaches, he said that in the modern micro-services cloud world, monitor-only is not a viable option.
“I’ll ask any CEO I’m in front of, Would you rather be safe or sorry?” Alon said. “Most of our customers use Dome9 in full-protection mode.”