Uptycs released new cloud detection and response (CDR) capabilities for detecting and remediating sophisticated attacks against cloud infrastructure.
The new CDR feature will help organizations detect malicious behaviors such as discovery, privilege escalation, remote code execution, and data exfiltration in their AWS cloud environment.
Attackers who hold valid cloud credentials typically need to discover what is in the environment and escalate their privileges before they can achieve their goal, whether that is stealing data, installing coin mining software, or deploying ransomware. As they reconnoiter the environment and move laterally, their activity is usually logged (in AWS, the control-plane API calls land in CloudTrail), but someone with cloud security expertise needs to examine the sequence of events to discern malicious behavior, because each call on its own is indistinguishable from routine administration. The new Uptycs CDR capabilities automate this analysis, alerting cloud security teams to attacks in progress.
“Threat actors today have become cloud experts. Their tactics and techniques are evolving quicker than most want to believe. When (not if) a threat actor steals credentials to your cloud environment, time is of the essence to detect their activity before they achieve their goal,” says Andre Rall, Director of Cloud Security at Uptycs. “The new CDR function in Uptycs evens the playing field for defenders, giving them automated expertise so they can detect and respond to these sophisticated threats.”
“Detection and response capabilities are essential to reducing risk and securing cloud infrastructure,” says Ganesh Pai, Co-Founder and CEO at Uptycs. “Our vision is to enable companies to innovate with cloud-native applications in a secure manner. That means securing the entire cloud-native application lifecycle, from the point where the code is written on developers’ laptops to the application workload run in the cloud. CDR plays a critical role, providing security teams with the ability to quickly detect stealthy attacks against cloud infrastructure as they unfold.”
Uptycs CDR detections correlate discrete events so that an alert fires only when there is high confidence of malicious behavior. For example, Uptycs correlates the following sequence of IAM API calls into a single privilege escalation detection:
- Using the stolen credentials, the attacker calls the AWS CLI to retrieve details about the user whose credentials they hold
- The attacker lists the managed policies attached to that user, then lists the versions of each policy (an IAM managed policy retains up to five versions)
- The attacker retrieves the contents of earlier policy versions to find one that grants elevated privileges
- The attacker escalates by setting that earlier, more permissive version as the policy's default. This only works if the compromised identity is itself allowed to change the default policy version, but when it is, no new user, key, or policy is created, which is why the sequence as a whole, rather than any single call, is the signal
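The correlation described above, written out as detection logic over CloudTrail-shaped events. This is an added example, not Uptycs code and not a description of how their product is implemented. The field names (`eventTime`, `eventSource`, `eventName`, `userIdentity.accessKeyId`, `requestParameters`, `errorCode`) are real CloudTrail fields; the sample events, the account and policy ARNs, the access key IDs and the 30-minute window are all constructed or assumed for illustration. The rule correlates on the access key rather than the user ARN, because the key is what the attacker actually holds, and it fires only when the final `SetDefaultPolicyVersion` succeeded, so the administrator who merely reads old policy versions and the key that is denied the escalation both stay quiet.

```python
"""Correlate CloudTrail IAM events into one privilege-escalation detection.

Chain: GetUser -> ListAttachedUserPolicies -> ListPolicyVersions ->
GetPolicyVersion -> SetDefaultPolicyVersion, all from one access key inside
a short window.  Only the last call changes permissions; the first four are
the reconnaissance that makes the chain high-confidence.  Sample events are
constructed and use a subset of CloudTrail's real JSON field names.
"""
from collections import defaultdict
from datetime import datetime, timedelta

CHAIN = ("GetUser", "ListAttachedUserPolicies", "ListPolicyVersions",
         "GetPolicyVersion", "SetDefaultPolicyVersion")
WINDOW = timedelta(minutes=30)  # assumed; tune to the environment


def _key(event):
    # Correlate on the access key: that is what the attacker actually holds.
    ident = event["userIdentity"]
    return ident.get("accessKeyId") or ident["arn"]


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_policy_version_escalation(events):
    """One detection per *successful* SetDefaultPolicyVersion that was
    preceded, in order and within WINDOW, by the rest of CHAIN from the same
    access key.  Calls that carry an errorCode (e.g. AccessDenied) never fire."""
    by_key = defaultdict(list)
    for e in sorted(events, key=_ts):
        if e.get("eventSource") == "iam.amazonaws.com":
            by_key[_key(e)].append(e)

    detections = []
    for key, evs in by_key.items():
        for i, final in enumerate(evs):
            if final["eventName"] != CHAIN[-1] or final.get("errorCode"):
                continue
            # Walk backwards from the escalation call, consuming the earlier
            # stages in reverse order; stop once the window is exceeded.
            stage, matched = len(CHAIN) - 2, []
            for prev in reversed(evs[:i]):
                if _ts(final) - _ts(prev) > WINDOW:
                    break
                if prev["eventName"] == CHAIN[stage]:
                    matched.append(prev["eventName"])
                    stage -= 1
                    if stage < 0:
                        break
            if stage < 0:
                params = final["requestParameters"]
                detections.append({
                    "accessKeyId": key,
                    "principal": final["userIdentity"]["arn"],
                    "policyArn": params["policyArn"],
                    "newDefaultVersion": params["versionId"],
                    "evidence": matched[::-1] + [final["eventName"]],
                    "time": final["eventTime"],
                })
    return detections


# --- constructed sample data (hypothetical account, keys and ARNs) ---------
POLICY = "arn:aws:iam::123456789012:policy/deploy-policy"
STOLEN, ADMIN, LIMITED = "AKIAEXAMPLESTOLEN0", "ASIAEXAMPLEADMIN00", "AKIAEXAMPLELIMITED"
ARN = {STOLEN: "arn:aws:iam::123456789012:user/deploy-bot",
       ADMIN: "arn:aws:sts::123456789012:assumed-role/Admin/alice",
       LIMITED: "arn:aws:iam::123456789012:user/ci-user"}


def _ev(time, name, key, params, error=None):
    """Minimal CloudTrail-shaped record."""
    e = {"eventTime": time, "eventSource": "iam.amazonaws.com", "eventName": name,
         "requestParameters": params,
         "userIdentity": {"arn": ARN[key], "accessKeyId": key}}
    if error:
        e["errorCode"] = error
    return e


SAMPLE_EVENTS = [
    # 1. Stolen key runs the whole chain in under four minutes -> detection.
    _ev("2024-05-01T10:00:00Z", "GetUser", STOLEN, {"userName": "deploy-bot"}),
    _ev("2024-05-01T10:00:40Z", "ListAttachedUserPolicies", STOLEN, {"userName": "deploy-bot"}),
    _ev("2024-05-01T10:01:10Z", "ListPolicyVersions", STOLEN, {"policyArn": POLICY}),
    _ev("2024-05-01T10:02:00Z", "GetPolicyVersion", STOLEN, {"policyArn": POLICY, "versionId": "v1"}),
    _ev("2024-05-01T10:03:30Z", "SetDefaultPolicyVersion", STOLEN, {"policyArn": POLICY, "versionId": "v1"}),
    # 2. Administrator reviewing old policy versions: same recon, no escalation.
    _ev("2024-05-01T11:00:00Z", "ListAttachedUserPolicies", ADMIN, {"userName": "deploy-bot"}),
    _ev("2024-05-01T11:00:30Z", "ListPolicyVersions", ADMIN, {"policyArn": POLICY}),
    _ev("2024-05-01T11:01:00Z", "GetPolicyVersion", ADMIN, {"policyArn": POLICY, "versionId": "v1"}),
    # 3. Key without iam:SetDefaultPolicyVersion: final call denied, so nothing
    #    changed and this rule stays quiet (a lower-severity "attempted" rule could fire).
    _ev("2024-05-01T12:00:00Z", "GetUser", LIMITED, {"userName": "ci-user"}),
    _ev("2024-05-01T12:00:20Z", "ListAttachedUserPolicies", LIMITED, {"userName": "ci-user"}),
    _ev("2024-05-01T12:00:50Z", "ListPolicyVersions", LIMITED, {"policyArn": POLICY}),
    _ev("2024-05-01T12:01:20Z", "GetPolicyVersion", LIMITED, {"policyArn": POLICY, "versionId": "v1"}),
    _ev("2024-05-01T12:02:00Z", "SetDefaultPolicyVersion", LIMITED,
        {"policyArn": POLICY, "versionId": "v1"}, error="AccessDenied"),
]

if __name__ == "__main__":
    for d in detect_policy_version_escalation(SAMPLE_EVENTS):
        print(d)
```

Two practical points when running something like this on real telemetry: apply the window to `eventTime`, not to ingestion time, since CloudTrail delivery can lag the call by several minutes and the stages of one attack may arrive in different batches; and treat the denied variant (case 3) as worth its own lower-severity rule, because a key that has just tried and failed to escalate is still a compromised key.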