Cloud infrastructure security startup RedLock launched itself and its first product May 9 with a cloud-based infrastructure security offering aimed at overcoming challenges faced by any company with an IT department. So that’s pretty much everybody.
RedLock's Cloud 360 platform enables enterprises to manage security and compliance risks across their entire public-cloud infrastructure--but without impeding DevOps teams. DevOps is proactive collaboration between software developers and IT operations to automate and expedite software delivery.
Using this, security teams get a single view of existing and potential risks throughout the entire cloud infrastructure, even across multiple public cloud service providers, such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud and IBM Bluemix. The company claims that the platform automatically discovers workloads within an environment and enables continuous monitoring, anomaly detection, cloud forensics, adaptive response and compliance reporting.
What the Platform Offers
RedLock’s Cloud 360 platform offers the following capabilities:
- Visibility: RedLock enables organizations to visualize their entire public cloud environment, across multiple cloud service providers and down to every component within the environment. The platform discovers workloads and connects the dots between configuration, user activity, network traffic and threat intelligence data. Security professionals can identify risks.
- Policy monitoring: RedLock enables companies to set guardrails for DevOps, ensuring full productivity without compromises to security. The platform comes with policies that adhere to security best practices such as CIS, PCI and NIST. In addition, security administrators can create custom policies based on individual needs. It automatically monitors new and existing workloads for violations to these policies.
- Anomaly detection: The platform combines understanding of a public cloud infrastructure, correlation with third-party data sources, and machine learning to baseline user and network behavior. Any anomalous pattern immediately triggers an alarm, so the issue can be addressed as soon as it’s detected.
- Contextual alerting and adaptive response: RedLockCloud 360 continuously scores every workload based on risky attributes and behavior. The highest-rated risks bubble to the top which makes it simple to prioritize response. The platform also provides context on the risk factors associated with a particular workload so that appropriate actions can be taken. RedLock data can also be used with third-party tools to speed responses.
- Cloud forensics: Thanks to its understanding of the cloud environment, the platform cuts the time needed to resolve incidents from weeks or even months to seconds. It enables organizations to go back to any point in time and use its interactive map to easily pinpoint active threats and perform impact analysis. The platform also provides time-serialized activity for any workload to review the history of changes and better understand the root cause of an incident.
- Compliance and management reporting: RedLock enables organizations to report on risk posture to their management team, board of directors and auditors. Similar to a credit score, the platform computes risk scores for every workload based on the severity of business risks, violations and anomalies. It then aggregates the risk scores to enable organizations to benchmark and compare risk postures across different departments as well as across the entire environment.
“Companies need to be confident that they can gain complete visibility into public infrastructure security to verify security policies, investigate incidents, or ensure full compliance in a cloud environment,” CEO and co-founder Varun Badhwar said. “This is a true business imperative and our singular mission at RedLock.”
The market for public cloud infrastructure is massive; worldwide spending is expected by one market analytics firm to grow from $38 billion last year to $173 billion in 2026.
Menlo Park, Calif.-based RedLock has raised $12 million in funding from Sierra Ventures, Storm Ventures, Dell Technologies Capital, which came out of stealth earlier this week highlighting investments in more than 70 early-stage startups, including Arista and Nutanix. ProofPoint is one of its clients, the company said.