In last week’s webinar “Detecting Threats in the Cloud with the Cloud”, Kelly Brazil (VP of Systems Engineering) and I presented how The ProtectWise Grid™, which runs entirely in the cloud, detects threats and attacks in your cloud environments. In case you weren’t able to attend the live webinar, you can view the on-demand version here.

During the webinar, we ran a couple of polls. One of them was about retaining forensic data. The results of that poll question are presented below.

Poll 1

As expected, a large percentage of respondents said they are not retaining forensic data (e.g., full packets, metadata). That’s because, for a lot of companies, having the forensics was an afterthought; they’ve been focusing on prevention and on interpreting the logs generated by their on-prem security appliances. That’s changing, as companies realize they need more than logs in order to get a complete picture of what transpired in an attack. When a breach happens, a log will reveal that something happened - but it can’t provide the details of what exactly transpired (e.g., a log can’t show what was in a file that was exfiltrated).

And as workloads are moving to the cloud, enterprises are realizing that visibility into attacks and threats in the cloud is severely limited. Because enterprises don’t own the cloud infrastructure, the level of forensics provided by a lot of solutions is limited to log data - which can’t provide enterprises with the details they need.  

The importance of forensics is reflected in the audience’s response to the second poll question we asked: 76% believe that full packet data needs to be analyzed in order to get complete visibility into threats and attacks. That makes sense - after all, the network doesn’t lie.

Poll 2

Collecting forensics isn’t an afterthought for ProtectWise - it’s an integral part of The ProtectWise Grid, used for retrospective analysis and as supporting evidence for threat hunting. The ProtectWise Grid captures network forensics just as easily whether a workload is running within traditional enterprise boundaries or in the cloud, and makes them conveniently available to analysts. With ProtectWise, analysts get the same value around visibility, threat detection and incident response regardless of where workloads are running.

Much more was covered during the webinar, including technical information on how to configure Amazon VPCs and a demo of The ProtectWise Grid detecting threats in the cloud. If you missed it, I encourage you to view the on-demand version.
