Threat Intelligence Blog

Posted April 15, 2020

We are excited to announce the availability of CloudShield™ Eclipse (formerly Aeonik™ Security Fabric) Release 2.2. Highlights covered in this blog post are:

  • IDS / IPS support for AWS cloud deployments
  • Upgrade to Zeek Version 3
  • Elastic SIEM pack

Threat visibility, protection, and mitigation for cloud environments.

With Release 2.2, CloudShield Eclipse extends the threat intelligence, visibility and protection of the business network into AWS Cloud, with support for hybrid cloud environments.

Most organizations have some form of cloud presence, whether they host specific applications or services themselves or rely on as-a-service offerings from other vendors and build on those services in the cloud.

Security for cloud deployments is a critical requirement. Given the importance of cloud services, organizations want to bring the same level of threat visibility, protection and mitigation available in their on-site networks to their cloud environments, ideally using the same security infrastructure and operational workflow.

CloudShield Eclipse is a software-only security fabric designed for deployment in any cloud, on-site or hybrid environment. It scales the same way and applies the same security mechanisms whether an organization deploys it on a bare-metal x86 server, as a virtual image on an ESXi hypervisor, or as a machine image in an AWS VPC.

Figure 1: CloudShield Eclipse Visibility and Protection across On-Premise & Cloud

CloudShield Eclipse supports threat detection in AWS Virtual Private Cloud (VPC) environments, applying the same three detection engines that are available to on-premise fabric nodes.

Upgraded threat hunting and incident response powered by an upgrade to Zeek Version 3

CloudShield Eclipse Release 2.2 also introduces new versions of its three engines: the Zeek v3 behavioral engine, the Suricata v5 signature engine and the STIX 2.1 intelligence engine. All three engines feed a single threat correlation and detection system that is applied consistently across the entire fabric.

Organizations can deploy all of these capabilities in AWS VPCs to detect threat behaviors, signature matches, or intelligence hits against the LGC analyst-vetted intelligence that CloudShield Eclipse supports.
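To make concrete what "behaviors, signatures and intelligence hits" from three engines look like once they are brought together, here is an added example of the correlation idea, written for this post and not CloudShield Eclipse's own code. It parses a constructed STIX 2.1 bundle (only simple single-comparison patterns), constructed Zeek v3 JSON conn/dns records and constructed Suricata v5 EVE alerts, then produces one time-ordered hit list keyed by internal host. The `_path` field on the Zeek lines, the indicator ids, the IP addresses and the domain are all invented sample values.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed STIX 2.1 bundle with two indicators (sample values, not real intel).
STIX_BUNDLE = {
    "type": "bundle", "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--22222222-2222-4222-8222-222222222222",
         "name": "Sample C2 address", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.45']",
         "valid_from": "2020-04-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--33333333-3333-4333-8333-333333333333",
         "name": "Sample phishing domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update.bad.example']",
         "valid_from": "2020-04-01T00:00:00Z"},
    ],
}

# Constructed Zeek v3 JSON log lines. The "_path" field is assumed to be added
# by the log shipper so conn.log and dns.log records can be told apart.
ZEEK_LOGS = """
{"_path":"dns","ts":1586948590.2,"uid":"CdN2b","id.orig_h":"10.0.1.20","id.orig_p":40001,"id.resp_h":"10.0.0.2","id.resp_p":53,"proto":"udp","query":"update.bad.example"}
{"_path":"conn","ts":1586948600.5,"uid":"CfH1a","id.orig_h":"10.0.1.20","id.orig_p":51234,"id.resp_h":"203.0.113.45","id.resp_p":443,"proto":"tcp"}
{"_path":"conn","ts":1586948700.0,"uid":"CfH3c","id.orig_h":"10.0.1.31","id.orig_p":51300,"id.resp_h":"198.51.100.7","id.resp_p":80,"proto":"tcp"}
"""

# Constructed Suricata v5 EVE JSON lines (one alert, one flow record).
SURICATA_EVE = """
{"timestamp":"2020-04-15T11:03:21.000000+0000","event_type":"alert","src_ip":"10.0.1.20","dest_ip":"203.0.113.45","dest_port":443,"alert":{"signature_id":9000001,"signature":"SAMPLE Possible C2 beacon","severity":1}}
{"timestamp":"2020-04-15T11:05:00.000000+0000","event_type":"flow","src_ip":"10.0.1.31","dest_ip":"198.51.100.7"}
"""

# Only single-comparison STIX patterns are handled; compound patterns are skipped.
PATTERN_RE = re.compile(r"^\[(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\]$")


def load_indicators(bundle):
    """Map observable values to indicator ids: {'ipv4-addr': {...}, 'domain-name': {...}}."""
    intel = {"ipv4-addr": {}, "domain-name": {}}
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        m = PATTERN_RE.match(obj["pattern"].strip())
        if m:
            intel[m.group(1)][m.group(2).lower()] = obj["id"]
    return intel


def iter_json_lines(text):
    for line in text.strip().splitlines():
        if line.strip():
            yield json.loads(line)


def eve_ts(stamp):
    """Convert a Suricata timestamp to epoch seconds so it sorts with Zeek's ts."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()


def correlate(bundle, zeek_text, eve_text):
    """Return a time-ordered list of hits from all three engines, keyed by internal host."""
    intel = load_indicators(bundle)
    hits = []
    for rec in iter_json_lines(zeek_text):
        base = {"host": rec["id.orig_h"], "ts": rec["ts"], "engine": "zeek", "uid": rec["uid"]}
        if rec["_path"] == "conn" and rec["id.resp_h"] in intel["ipv4-addr"]:
            hits.append({**base, "observable": rec["id.resp_h"],
                         "indicator": intel["ipv4-addr"][rec["id.resp_h"]]})
        elif rec["_path"] == "dns":
            query = rec.get("query", "").lower().rstrip(".")
            if query in intel["domain-name"]:
                hits.append({**base, "observable": query,
                             "indicator": intel["domain-name"][query]})
    # A Suricata signature match is a hit on its own; it is enriched with an
    # indicator id when the destination also appears in the intel set.
    for rec in iter_json_lines(eve_text):
        if rec.get("event_type") != "alert":
            continue
        hits.append({"host": rec["src_ip"], "ts": eve_ts(rec["timestamp"]), "engine": "suricata",
                     "observable": rec["dest_ip"], "sid": rec["alert"]["signature_id"],
                     "signature": rec["alert"]["signature"],
                     "indicator": intel["ipv4-addr"].get(rec["dest_ip"])})
    return sorted(hits, key=lambda h: h["ts"])


def summarize_by_host(hits):
    """Per internal host: hit count, which engines fired, and how many hits carry an indicator."""
    by_host = defaultdict(list)
    for h in hits:
        by_host[h["host"]].append(h)
    return {host: {"hits": len(hs),
                   "engines": sorted({h["engine"] for h in hs}),
                   "intel_hits": sum(1 for h in hs if h["indicator"])}
            for host, hs in by_host.items()}


if __name__ == "__main__":
    timeline = correlate(STIX_BUNDLE, ZEEK_LOGS, SURICATA_EVE)
    for hit in timeline:
        print(hit)
    print(summarize_by_host(timeline))
```

The point of the per-host summary is the one a hunter cares about: a host that is flagged by more than one engine (here 10.0.1.20, seen by both Zeek and Suricata, with every hit tied to an indicator) ranks above a host with a single unsupported alert, and the time-ordered hit list gives the DNS lookup, the connection and the signature alert in the order they occurred.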

As shown in the CloudShield Eclipse management user interface below, deep visibility into who is connecting, to what, and where allows threat hunters and incident responders to understand the full context of network threat activity across on-premise, virtual or AWS cloud deployments.

Figure 2: CloudShield Eclipse Hunt

Drive efficiency and workflow focus with the new Elastic SIEM pack

Further enhancing workflow focus for security teams, CloudShield Eclipse Release 2.2 introduces an embedded Elastic SIEM, so teams can take advantage of the ELK software stack without deploying a separate instance if they choose not to. Using Elastic's search, shown below, security teams can investigate all activities and their timelines. Presenting this contextually rich information, with visibility across DNS, HTTP, SSH and many other protocols on the network, gives the team investigating an issue the complete fabric-wide view in a single place.

Figure 3: Eclipse Elastic SIEM Search

Ultimately, the Elastic SIEM integration supports reporting dashboards, as shown below, that give the operations team a quick review of all activities and let them dig in whenever abnormal behavior emerges. The dashboard's ability to quickly show trends and baselines is a valuable assist to the day-to-day operations team.

Figure 4: Eclipse Elastic SIEM Summary

Get the latest features:

Existing customers will experience these features immediately. If you are not already using CloudShield Eclipse, contact us to schedule a demo or consultation to learn more.

 
