Posted April 15, 2020
We are excited to announce the availability of CloudShield™ Eclipse (formerly Aeonik™ Security Fabric) Release 2.2. Highlights covered in this blog post are:
- AWS Cloud Deployment Supported IDS / IPS
- Upgrade to Zeek Version 3
- Elastic SIEM Pack
Threat visibility, protection, and mitigation for cloud environments.
With Release 2.2, CloudShield Eclipse provides an organization with business network AWS Cloud supported threat intelligence, visibility and protection along with support in hybrid cloud environments.
Most organizations have some form of cloud presence whether they are hosting specific applications or services themselves or are relying on as-a-service offerings from other vendors enabling them to build upon those services in the cloud.
Security for cloud deployments is a critical requirement. Given the importance of cloud services, organizations want to bring the same level of threat visibility, protection and mitigation available in their on-site networks to the cloud environments and ideally using the same security infrastructure and operational workflow.
CloudShield Eclipse is a software-only security fabric designed for deployment in any cloud, on-site and hybrid environment. Ease of scale and security mechanisms are consistently applied no matter whether an organization wishes to deploy on a bare metal x86 server, a virtual image on a ESXi hypervisor or a machine image in AWS VPC.
Figure 1: CloudShield Eclipse Visibility and Protection across On-Premise & Cloud
CloudShield Eclipse supports threat detection in AWS Cloud Virtual Private Cloud (VPC) environments applying the same power of 3 detection engines available for on-premise fabric nodes.
Upgraded threat hunting and incidence response powered by an upgrade to Zeek Version 3
CloudShield Eclipse Release 2.2 has also introduced new versions for Zeek v3 behavioral engine, Suricata v5 engine and STIX2.1 Intelligence engine. All three engines are combined into a threat correlation and detection system that is consistently applied across the entire fabric.
Organizations can deploy all of these capabilities in AWS VPC clouds to detect threat behaviors, signatures or intelligence hits against the LGC analyst vetted intelligence supported by CloudShield Eclipse.
As shown in CloudShield Eclipses management user interface below, the deep visibility into who, what, and where connections are occurring allows threat hunters and incident responders to understand the fuller context of network threat activities across on-premise, virtual or AWS cloud deployments.
Figure 2: CloudShield Eclipse Hunt
Drive efficiency and workflow focus with the new Elastic SIEM pack
Further enhancing workflow focus for security teams, CloudShield Eclipse Release 2.2 introduces embedded Elastic SIEM so that they can leverage the advantages of the ELK software stack without having to deploy an additional separate instance, if they chose not to. Leveraging Elastic’s advanced search, shown below, security teams can investigate all activities and their timelines. Providing this contextually rich information across all the visibility across DNS, HTTP, SSH and many other protocols in the network gives the security team investigating issues the complete fabric-wide view in a single place.
Figure 3: Eclipse Elastic SIEM Search
Ultimately, Elastic SIEM integration is able to support reporting dashboards, as shown below, that provide the operations team a quick review of all activities allowing them to dig in as necessary whenever abnormal behaviors emerge. As shown below, the dashboard’s ability to quickly show trends and baselines provides a valuable assist to the day-to-day operations team.
Figure 4: Eclipse Elastic SIEM Summary
Get the latest features:
Existing customers will experience these features immediately. If you are not already using CloudShield Eclipse, contact us to schedule a demo or consultation to learn more.
Additional Posts
Businesses Face Escalating Ransomware Threats
