As the only cloud-native logging and security analytics platform that enables organizations to take full advantage of all of their data to run and secure their business, Devo is committed to working with other leading security technology providers to bring advanced capabilities to our customers. That’s why we’re pleased to announce an integration with Google Cloud IDS.
The Devo Platform and our Security Operations application combined with Cloud IDS will enable our customers’ SOC teams to uncover threats quickly and completely so they can drive investigation success. The goal is simple but powerful: We will enable you to achieve greater visibility into all of your data with integrated security tools.
Three Key Elements
The work of detecting and responding — rapidly and successfully — to cybersecurity threats requires three key elements: visibility into your data, speed and context. Unfortunately, many SOC leaders are painfully aware that their organization lacks these critical traits. While there is no shortage of tools available to SOC teams, security leaders are demanding stronger, integrated tool sets that will enable them to transform their SOCs and meet modern, always-evolving cybersecurity risks head-on.
Making Streamlined Cybersecurity Analytics a Reality
Before I go any further, allow me to provide some background. Cloud IDS is a network threat detection service that combines the scalable and secure infrastructure of Google Cloud with advanced threat detection technology. It identifies network-based malicious activity within the Google Cloud environment and helps customers receive enriched alerts. The network threat detection capabilities of Cloud IDS are built with Palo Alto Networks technologies.
Devo also fully integrates with Palo Alto technologies, including Cortex XSOAR to enable SOC teams to manage investigations once Devo Security Operations has triaged specific threats.
Cloud IDS integrates easily with the Devo Platform and Security Operations, enabling security analysts to:
- Continuously monitor their environment.
- Raise alerts when suspicious activity is observed.
- Quickly investigate and visualize their data.
- Take decisive mitigation action to defend and monitor their organizations.
This integration of the two cloud-native solutions turns the dream of a “single pane of glass” into a reality for SOC analysts. Devo, with the help of Cloud IDS, will prioritize alerts, reduce the number of false positives, and help resolve them. This empowers SOC analysts to address the most critical findings — quickly and decisively. With this integration, SOC teams can perform several key use cases, including:
- Threat Detection:
- Better visibility into potential network security threats in the Google Cloud environment.
- The ability to correlate Cloud IDS events with data from cloud workloads, IAM, and other sources in Devo for better context and faster investigations.
- Fast, accurate detection of ephemeral malware that lives in the volatile memory of your Google Cloud workloads.
- The Devo Platform delivers at least 400 days of always-hot, searchable data for ALL data sources. This makes it easier to trend, track changes, and audit your environment for compliance.
- Network Forensics:
- Achieve visibility into Google Cloud flow logs and Cloud Logging for detailed forensic analysis.
- Combine flow data with Cloud IDS data and workload logs to correlate and analyze data at cloud scale.
- Perform 360-degree continuous monitoring and analysis of logs, metrics and traces to improve intrusion detection of malware, spyware and command-and-control attacks
A Look at the Architecture
The powerful combination of Cloud IDS and the Devo Platform enables SOC teams to detect threats, perform forensic analysis, and audit their environments for compliance.
Devo customers can learn more about the integration on our website. To get started using Devo and Cloud IDS, contact your Devo representative today.