Network World—Review: Hot new tools to fight insider threats
Posted by Michael Landewe on May 31, 2016
Avanan: Penetrating the cloud
By John Breeden II
Protecting data inside the cloud, especially from insider threats, is difficult because the data is housed in different places, and is not normally under the direct control of the organization that owns it. While cloud providers will help to keep data safe from external threats, they generally won’t do anything if an authorized user suddenly starts sending confidential files offsite. In fact, they may even open up more bandwidth to make that process go more smoothly.
Avanan was formed in 2014 with a focus on cloud security. The system also runs completely in the cloud itself, so the setup has no physical components. It works with all the biggest cloud providers including Amazon, Google, and Microsoft. Avanan is also extremely economical, with the base platform starting at $5 per user per month, and less for large deployments. The setup process for our test cloud only took a few minutes.
Because most cloud providers have access to functionally unlimited storage capacity, many keep up to a year or more of data on the various actions taken by users and programs within the cloud. Avanan can tap into that data and begin working right away, identifying suspect insider threat activity that happened months ago, or linking new cases to a potential pattern going back months or years.
By itself, Avanan is a powerful tool for protecting against insider threats. Another strength of the product, however, is that it offers one-click installation of popular security programs, even those that have not previously been optimized for use within the cloud. Avanan does not charge users to install those apps inside the cloud.
Users only need to pay whatever the other vendor charges, and their existing license may even cover cloud deployments. In the course of our testing, we installed Check Point, Palo Alto, and Symantec software into our test cloud. In all cases, we got full cloud functionality. Each program was also able to report directly into the Avanan main interface to add extra indicators into an insider threat investigation or to provide updates on the general security of the cloud, such as malware files stored inside.
There is no upper limit on how many additional programs can run alongside Avanan. For example, multiple antivirus programs can run without interfering with each other, and it supports more than 40 choices. It also supports sandboxing products like FireEye, and SIEM programs like Splunk and ArcSight.
Once installed, Avanan gives...[Read the full article here]
John Breeden is an award-winning reviewer and public speaker with over 20 years of experience. He is currently the CEO of the Tech Writers Bureau, a group of influential journalists and writers who work in government and other circles. He can be reached at email@example.com.