Elastic is launching new capabilities for Elastic Security — the only search-powered, security analytics solution that unifies SIEM, endpoint security, and cloud security on a single platform — to help organizations modernize their cloud security operations with a comprehensive suite of cloud security capabilities for AWS.
Building upon a strong foundation of existing cloud security capabilities — including both Kubernetes Security Posture Management (KSPM) and Cloud Workload Protection (CWP) — Elastic Security has expanded its cloud security feature set to include Cloud Security Posture Management (CSPM) for AWS, Container Workload Security, and Cloud Vulnerability Management.
The release of these features makes Elastic Security the only security analytics solution that is a complete Cloud Native Application Protection Platform (CNAPP) for AWS.
Cloud security matters
According to Gartner, more than 85% of organizations are moving to a cloud-first model and 95% of new digital workloads are being deployed on cloud-native platforms. In part, this is because organizations know that cloud and cloud-native architectures can accelerate application scale and the speed of innovation.
However, many organizations operate under the (false) assumption that their cloud workloads are inherently protected by their cloud service providers. In reality, cloud providers view security as a shared responsibility.
Without full appreciation for this model of shared responsibility, organizations unintentionally run workloads in the cloud that are not fully protected, making them vulnerable to attacks that target the operating system, data, and applications.
In fact, Gartner states that 99% of cloud failures will be the (end) customer’s fault due to mistakes like cloud misconfigurations. Research from Elastic Security Labs found that nearly 1 in 3 (33%) attacks in the cloud leverage credential access, indicating that users often overestimate the security of their cloud environments and fail to configure and protect them adequately.
Where traditional methods fail
To date, the most common approach to cloud security has been to deploy specific point solutions (e.g., one tool for SIEM, another for endpoint security). But when security and DevOps teams are forced to pivot between security tools, they’re often working with segregated data sets instead of a unified datastore and using multiple dashboards instead of a unified dashboard — leading to a fragmented approach to hybrid cloud and multi-cloud security that increases risk, cost, and complexity.
Indeed, Gartner found that in 2022, 75% of organizations were actively pursuing security vendor consolidation (up from 29% in 2020) to overcome this issue. But consolidation alone doesn’t inherently address the complexity of the cloud. The dynamic nature of hybrid and multi-cloud environments creates additional complexity for cloud security operations because many organizations split responsibilities between DevOps, Security, and IT teams — leading to blind spots when attackers move across environments and from endpoint to cloud and vice versa.
The solution is simple
Unified visibility across all cloud resources, as well as on-premises systems, is critical to quickly identifying and stopping security threats at scale.
By accelerating teams’ investigations with the power of Elasticsearch, Elastic Security delivers better attack surface visibility, reduces vendor complexity, and accelerates remediation.
With today’s launch, Elastic Security is helping organizations modernize their cloud security operations with a combination of static analysis and runtime capabilities. Here’s how CNAPP further delivers cloud protection for teams:
The 4 tenets of cloud protection
Elastic Security’s comprehensive suite of cloud security capabilities for AWS aligns with the four key tenets of cloud protection, namely:
- Cloud Workload Protection — Expanding our existing expertise in runtime security on traditional endpoints, Cloud Workload Protection enables cloud security teams to gain deep visibility into what is happening inside cloud workloads — all the way down to the kernel level. From standalone Linux workloads to virtual machines to infrastructure hosted in AWS, Google Cloud, and Microsoft Azure — Cloud Workload Protection safeguards the entire runtime workload to ensure that it’s secure regardless of implementation.
- Cloud Security Posture Management — Enabling cloud security teams to quickly and easily assess whether their cloud environments are configured securely by comparing them to Center for Internet Security (CIS) benchmark scans. With one-click, out-of-the-box integrations and posture dashboards and reports, CSPM enables teams to continuously detect and remediate misconfigurations across workloads in AWS and Amazon EKS in real time.
- Container Workload Protection — Building on the power of Cloud Workload Protection, Container Workload Protection enables cloud security teams to gain deep visibility into activity inside container workloads in managed Kubernetes environments. Pre-execution runtime analysis empowers Elastic customers with a simple way to prevent changes to workloads running in Amazon EKS, GKE, and AKS environments. Container Workload Protection ensures that only authorized system activities are permitted, preventing attackers from gaining access while stopping both lateral movement and privilege escalation.
- Cloud Vulnerability Management — Elastic’s Cloud-Native Vulnerability Management capability continuously uncovers vulnerabilities in AWS EC2 and EKS workloads with zero resource utilization on workloads and provides efficient end-to-end triage workflows with vulnerability risk and runtime context for prioritization. Elastic identifies, reports, and guides remediation of these vulnerabilities to help any organization identify and respond to potential risk.
Ready to learn more?
Visit our Cloud Security page for a full overview of capabilities. Better yet, come find us at RSA Conference 2023, April 24–27, to see a live demo and chat with our security experts!
See the full list of Elastic 8.7 release features in our announcement blog.