Secure your assets with extended detection and response

Ordering Information
  • Detect cyberattacks across systems, productivity applications, cloud workloads, identity, and networks
  • Provides a root cause analysis for security teams to review
  • Visualize the complete attack chain in an easy to digest format to identify weak points in the security chain

With the XDR Cloud Sensor, GravityZone XDR monitors activity that may indicate whether the security of cloud environments, such as Amazon Web Services (AWS), has been compromised. The sensor monitors for multiple indicators of attack.

The Cloud Sensor recognizes anomalies by first establishing a baseline of normal behavior and then identifying when detected activities deviate from that baseline. GravityZone detects when a user performs an action outside of the baseline, when a file with a suspicious extension has been uploaded and deviates from the baseline behavior, when a cloud function performs an action outside of the usual scope of activity, and other cloud-specific detections.

In addition, the Cloud Sensor identifies suspicious activity associated with many granular cloud service functions such as AWS Lambda. The sensor detects when an attacker has executed a Lambda function that triggers a suspicious action. For example, it can distinguish when suspicious automatic code execution has been performed, such as using a Lambda function to create an access key to backdoor an AWS Identity and Access Management (IAM) user. As another example, when a Lambda function is used to update a security group to allow ingress on a port, GravityZone XDR will identify this as a maneuver that may allow an attacker to access the cloud instance.

The GravityZone XDR Cloud Sensor detects other suspicious behavior such as when an unfamiliar user or host removes the default encryption from an AWS Simple Cloud Storage (S3) bucket. By performing this action, the attacker exposes all encrypted objects (using server-side encryption) in that S3 bucket. XDR detects when an attacker disables or removes monitoring services such as stopping Amazon's logging service, CloudTrail, or deleting logs from the AWS monitoring service, CloudWatch. It also identifies when an attacker has performed reconnaissance events against an S3 bucket. GravityZone XDR can also reveal when a user has logged in from multiple regions simultaneously, a typical indicator of a compromised account.
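The detections described above can be approximated with static rules over CloudTrail records. The following is an added example, not Bitdefender's code or detection logic; the events are constructed, the ARNs are hypothetical, and treating a user agent containing `AWS_Lambda` as a Lambda caller is an assumed heuristic. It has no baseline, so encryption removal and log tampering are flagged for any caller.

```python
from datetime import datetime, timedelta

LAMBDA_UA = "Boto3/1.26.90 exec-env/AWS_Lambda_python3.9"  # assumed marker of a Lambda caller
FN = "arn:aws:sts::111122223333:assumed-role/fn-role/resize-images"  # hypothetical function role
BOB = "arn:aws:iam::111122223333:user/bob"                           # hypothetical IAM user

def ev(time, service, name, arn, region="us-east-1", agent="aws-cli/2.13.0"):
    # Constructed CloudTrail-style record holding only the fields the rules read.
    return {"eventTime": time, "eventSource": service + ".amazonaws.com", "eventName": name,
            "awsRegion": region, "userAgent": agent, "userIdentity": {"arn": arn}}

# Constructed sample events, not real logs.
EVENTS = [
    ev("2024-05-01T10:00:00Z", "iam", "CreateAccessKey", FN, agent=LAMBDA_UA),
    ev("2024-05-01T10:01:00Z", "ec2", "AuthorizeSecurityGroupIngress", FN, agent=LAMBDA_UA),
    ev("2024-05-01T10:02:00Z", "iam", "CreateAccessKey", BOB),  # CLI caller: not flagged
    ev("2024-05-01T10:03:00Z", "s3", "DeleteBucketEncryption", BOB),
    ev("2024-05-01T10:04:00Z", "cloudtrail", "StopLogging", BOB),
    ev("2024-05-01T10:05:00Z", "signin", "ConsoleLogin", BOB),
    ev("2024-05-01T10:07:00Z", "signin", "ConsoleLogin", BOB, region="ap-southeast-2"),
]

# Flagged whoever the caller is: encryption removal and log tampering.
ALWAYS = {("s3.amazonaws.com", "DeleteBucketEncryption"): "s3-encryption-removed",
          ("cloudtrail.amazonaws.com", "StopLogging"): "cloudtrail-stopped",
          ("logs.amazonaws.com", "DeleteLogGroup"): "cloudwatch-logs-deleted",
          ("logs.amazonaws.com", "DeleteLogStream"): "cloudwatch-logs-deleted"}
# Flagged only when the caller looks like a Lambda function.
IF_LAMBDA = {("iam.amazonaws.com", "CreateAccessKey"): "lambda-created-access-key",
             ("ec2.amazonaws.com", "AuthorizeSecurityGroupIngress"): "lambda-opened-ingress"}

def triage(events, window=timedelta(minutes=10)):
    findings, logins = [], {}
    for e in sorted(events, key=lambda e: e["eventTime"]):
        key, arn = (e["eventSource"], e["eventName"]), e["userIdentity"]["arn"]
        if key in ALWAYS:
            findings.append((ALWAYS[key], arn))
        elif key in IF_LAMBDA and "AWS_Lambda" in e.get("userAgent", ""):
            findings.append((IF_LAMBDA[key], arn))
        elif e["eventName"] == "ConsoleLogin":
            when = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            # Keep this principal's logins that fall inside the window, then compare regions.
            recent = [(t, r) for t, r in logins.get(arn, []) if when - t <= window]
            if any(r != e["awsRegion"] for _, r in recent):
                findings.append(("multi-region-login", arn))
            logins[arn] = recent + [(when, e["awsRegion"])]
    return findings
```
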