Secure your cloud

Security in the cloud is a shared responsibility. Public cloud providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure make it clear that, while they secure the underlying infrastructure, you must ensure the secure configuration of the cloud platform services, operating systems, containers and applications you run on it. As public cloud usage explodes while employees with cloud skills are hard to hire, many organisations are looking for security-as-a-service solutions.


Application and cloud platform security

Public cloud has reduced the time and effort it takes to create software, so many organisations have chosen the cloud as their default development platform, leading to a very rapid expansion of software deployments. As business moves online, malicious actors increasingly target applications as the attack vector. Hyperscale cloud providers (AWS, Azure and GCP) run extremely robust and secure datacenter and infrastructure platforms, which are much harder to exploit than the applications running on them.

DevOps teams use automation to deploy to the cloud. A typical hyperscale cloud provider offers over 150 services that can be launched, so it is inevitable that deviations from security standards and best practices occur from time to time. Every organisation therefore needs the capability to quickly detect and remediate platform-level issues such as S3 buckets accidentally opened to the internet or overly permissive network security groups.
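As an added illustration of the detect-and-remediate capability described above (example code written for this page, not Nordcloud's service code), the following Python evaluates CloudTrail records for the two misconfigurations named: buckets made public through an ACL or bucket policy, and security group ingress from 0.0.0.0/0 on sensitive ports. The record layout follows CloudTrail's requestParameters structure for these API calls, but the records themselves are constructed; the set of sensitive ports and the remediation action attached to each finding are assumptions of the example.

```python
"""Flag S3 buckets opened to the internet and security groups with ingress
from anywhere, straight from the CloudTrail records that created them.
Added example, not Nordcloud service code; sample records are constructed."""
from dataclasses import dataclass

PUBLIC_GRANTEES = {"http://acs.amazonaws.com/groups/global/AllUsers",
                   "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write", "authenticated-read"}
ANY_CIDR = {"0.0.0.0/0", "::/0"}
# Ports where internet-wide ingress is almost never intended (assumption of this example).
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 6379, 27017}

@dataclass
class Finding:
    event_name: str
    resource: str
    reason: str
    remediation: str  # API action a responder or an automated playbook would take (assumed mapping)

def _principal_is_public(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False

def check_bucket_acl(params):
    bucket, out = params.get("bucketName", "?"), []
    acls = params.get("x-amz-acl", [])  # canned ACL arrives as a request header
    for acl in (acls if isinstance(acls, list) else [acls]):
        if acl in PUBLIC_CANNED_ACLS:
            out.append(Finding("PutBucketAcl", bucket, f"canned ACL {acl}", "s3:PutPublicAccessBlock"))
    grants = params.get("AccessControlPolicy", {}).get("AccessControlList", {}).get("Grant", [])
    for g in grants:  # explicit grants to the AllUsers / AuthenticatedUsers groups
        uri = g.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GRANTEES:
            out.append(Finding("PutBucketAcl", bucket, f"{g.get('Permission')} granted to {uri.rsplit('/', 1)[-1]}",
                               "s3:PutPublicAccessBlock"))
    return out

def check_bucket_policy(params):
    bucket, out = params.get("bucketName", "?"), []
    stmts = params.get("bucketPolicy", {}).get("Statement", [])
    for s in (stmts if isinstance(stmts, list) else [stmts]):
        # A Principal "*" under a Condition (e.g. aws:SourceVpce) is scoped; only unconditioned Allows are flagged.
        if s.get("Effect") == "Allow" and _principal_is_public(s.get("Principal")) and "Condition" not in s:
            out.append(Finding("PutBucketPolicy", bucket, f"Allow {s.get('Action')} to Principal *", "s3:DeleteBucketPolicy"))
    return out

def check_sg_ingress(params):
    group, out = params.get("groupId", "?"), []
    for perm in params.get("ipPermissions", {}).get("items", []):
        cidrs = [r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])]
        cidrs += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", {}).get("items", [])]
        if not any(c in ANY_CIDR for c in cidrs):
            continue
        proto, lo, hi = perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")
        all_ports = proto == "-1" or lo is None  # protocol -1 carries no port range
        if all_ports or any(lo <= p <= hi for p in SENSITIVE_PORTS):
            out.append(Finding("AuthorizeSecurityGroupIngress", group, f"{proto} {lo}-{hi} open to the internet",
                               "ec2:RevokeSecurityGroupIngress"))
    return out

CHECKS = {"PutBucketAcl": check_bucket_acl, "PutBucketPolicy": check_bucket_policy,
          "AuthorizeSecurityGroupIngress": check_sg_ingress}

def evaluate_event(event):
    check = CHECKS.get(event.get("eventName"))
    return check(event.get("requestParameters") or {}) if check else []

def scan(events):
    return [f for e in events for f in evaluate_event(e)]

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
SAMPLE_EVENTS = [  # constructed, trimmed CloudTrail-style records
    {"eventName": "PutBucketAcl", "requestParameters": {"bucketName": "customer-exports",
        "AccessControlPolicy": {"AccessControlList": {"Grant": [
            {"Grantee": {"xsi:type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}}}},
    {"eventName": "PutBucketPolicy", "requestParameters": {"bucketName": "customer-exports",
        "bucketPolicy": {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                                        "Resource": "arn:aws:s3:::customer-exports/*"}]}}},
    {"eventName": "PutBucketPolicy", "requestParameters": {"bucketName": "build-artifacts",  # one account: fine
        "bucketPolicy": {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                                        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::build-artifacts/*"}]}}},
    {"eventName": "AuthorizeSecurityGroupIngress", "requestParameters": {"groupId": "sg-0a1b2c3d",
        "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                     "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "AuthorizeSecurityGroupIngress", "requestParameters": {"groupId": "sg-0a1b2c3d",
        "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,  # corporate range: fine
                                     "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},
    {"eventName": "DescribeInstances", "requestParameters": None},  # read-only call, no check applies
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.event_name:30} {f.resource:17} {f.reason:40} -> {f.remediation}")
```

Run against the constructed records, the scan produces three findings (the public ACL, the public bucket policy and the SSH-from-anywhere rule) and stays silent on the account-scoped policy, the corporate-range rule and the read-only call. In practice the same checks would sit on the live CloudTrail event stream, and the remediation field would be handed to a playbook or ticket rather than executed blindly, since a conditioned Principal "*" or a deliberately public static-site bucket needs a human decision.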

Organisations clearly need a cloud security remediation capability, but a SOC built for the legacy environment is unable to meet the challenges of public cloud security. A typical SOC is focused on aggregating events from endpoints, network devices and other on-premise sources. Its aggregation toolset is not cloud native and is not integrated with the provider platform, and legacy SOC staff tend to lack hands-on public cloud skills. An even bigger problem is the lack of customisation in alerting design and the inability to cover application security.


Nordcloud Cloud-native SOC (BETA)


Nordcloud is proud to announce the industry's first cloud-only SOC offering that meets the challenges of both application security and platform security. Initially the service supports AWS and Azure, with Google Cloud Platform planned for the future.

Cloud-native SOC is a new service, in Beta, that captures, alerts on and remediates your high-priority security events 24×7. The SOC includes application threat modelling and alerting design, ensuring that mitigations and highly customised alerting are in place where your environment carries the most risk.

Cloud native data sources

The SOC natively supports AWS infrastructure security services such as AWS Security Hub (Preview), Amazon GuardDuty, VPC Flow Logs, AWS CloudTrail and Amazon CloudWatch Logs. Azure native data sources include Azure Security Center, Azure Resource Manager activity logs, Advanced Threat Protection and Load Balancer event logs.

Application threat modelling

Nordcloud SOC works regularly with your application teams to embed threat and security awareness and to ensure mitigations and meaningful alerting are in place. It improves security outcomes compared to traditional MSSP solutions through native cloud support and customised application alerting. The SOC lets developers use the same tooling, investigation tools and visibility that security analysts use, making it faster to investigate and resolve issues. In addition to the security tooling provided by AWS and Azure, Nordcloud partners with the log intelligence platform Sumo Logic to deliver a modern, developer-friendly security alerting and investigation experience. The SOC service includes regular Game Days for attack simulation and detection verification.

Incident remediation

Nordcloud SOC is integrated with our AWS, Azure and GCP certified Managed Services offering, so where applicable the SOC can remediate issues rather than only investigating and escalating back to the customer. This lets your internal teams spend more time running the business and developing applications.


Start your cloud-native security journey with cloud-born experts

Contact our Security Operations Experts


How does Nordcloud SOC compare to traditional Managed Security Service Providers?

Cloud-native sources
Legacy MSSP: typically not integrated in the offering.
Nordcloud SOC: native support for all major public cloud platforms; the SOC leverages Azure Security Center, AWS Security Hub and Google Cloud Security Command Center (future).

Public cloud certifications
Legacy MSSP: the incident response team has limited knowledge of the public cloud.
Nordcloud SOC: Nordcloud focuses on public cloud only, with certified Cloud Architects and MSP certification in all public clouds.

Infrastructure alerting
Legacy MSSP: monitoring teams are overwhelmed with events because the focus is on event aggregation and heuristics instead of alerting and assured detection.
Nordcloud SOC: threat modelling, mitigation design and logging.

Application security
Legacy MSSP: not enough focus on the application; architecture-blind infrastructure event analysis.
Nordcloud SOC: alerting design for application threats.

3rd party alerting tools
Legacy MSSP: legacy SIEM tools, with no developers as users.
Nordcloud SOC: cloud-friendly tools, e.g. Sumo Logic, combining all log management use cases including application security threat detection.

Simulation of the end-to-end security process
Legacy MSSP: no simulation of the end-to-end security incident process.
Nordcloud SOC: Game Days for simulated attacks, alerting and process verification. The SOC can also alert to the customer's existing infrastructure SOC.

Incident resolution
Legacy MSSP: unable to correct issues (inform only), leading to failures in the incident response process.
Nordcloud SOC: integrated security incident resolution.