Know your gear
The Cloud Sensor recognizes anomalies by first establishing a baseline of normal behavior and then identifying when detected activities deviate from that baseline. GravityZone detects when a user performs an action outside of the baseline, when a file with a suspicious extension has been uploaded and deviates from the baseline behavior, when a cloud function performs an action outside of the usual scope of activity, and other cloud-specific detections.
In addition, the Cloud Sensor identifies suspicious activity associated with many granular cloud service functions such as AWS Lambda. The sensor detects when an attacker has executed a Lambda function that triggers a suspicious action. For example, it can distinguish when suspicious automatic code execution has been performed, such as using a Lambda function to create an access key to backdoor an AWS Identity and Access Management (IAM) user. As another example, when a Lambda function is used to update a security group to allow ingress on a port, GravityZone XDR will identify this as a maneuver that may allow an attacker to access the cloud instance.
The GravityZone XDR Cloud Sensor detects other suspicious behavior such as when an unfamiliar user or host removes the default encryption from an AWS Simple Cloud Storage (S3) bucket. By performing this action, the attacker exposes all encrypted objects (using server-side encryption) in that S3 bucket. XDR detects when an attacker disables or removes monitoring services, for example by stopping Amazon's logging service, CloudTrail, or by deleting logs from the AWS monitoring service, CloudWatch. It also identifies when an attacker has performed reconnaissance against an S3 bucket. GravityZone XDR can also reveal when a user has logged in from multiple regions simultaneously, a typical indicator of a compromised account.
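For defenders who want to see what the events behind these detections look like in CloudTrail, the following is an added example, not Bitdefender's detection logic or code from this page. It uses static rules in place of a learned baseline; the `userAgent` heuristic for Lambda callers, the 10-minute login window, the finding labels and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# CloudTrail eventName -> (finding label, flag only when the caller is a Lambda function)
RULES = {
    "CreateAccessKey": ("iam-access-key-created-by-lambda", True),
    "AuthorizeSecurityGroupIngress": ("sg-ingress-opened-by-lambda", True),
    "DeleteBucketEncryption": ("s3-default-encryption-removed", False),
    "StopLogging": ("cloudtrail-logging-stopped", False),
    "DeleteLogGroup": ("cloudwatch-logs-deleted", False),
    "DeleteLogStream": ("cloudwatch-logs-deleted", False),
}
LOGIN_WINDOW = timedelta(minutes=10)  # assumed threshold for "simultaneous" logins

def from_lambda(event):
    # Heuristic (assumption): SDK calls made inside Lambda carry the runtime in userAgent.
    return "AWS_Lambda_" in event.get("userAgent", "")

def detect(events):
    findings, logins = [], {}
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        name, who = ev["eventName"], ev["userIdentity"].get("arn", "unknown")
        if name in RULES:
            label, lambda_only = RULES[name]
            if from_lambda(ev) or not lambda_only:
                findings.append((label, who))
        if name == "ConsoleLogin":
            when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            prev = logins.get(who)
            if prev and prev[1] != ev["awsRegion"] and when - prev[0] <= LOGIN_WINDOW:
                findings.append(("login-from-multiple-regions", who))
            logins[who] = (when, ev["awsRegion"])
    return findings

def ev(time, name, arn, region="us-east-1", agent="aws-cli/2.15.0"):
    return {"eventTime": time, "eventName": name, "awsRegion": region,
            "userAgent": agent, "userIdentity": {"arn": arn}}
# Constructed sample records (placeholder account id and names), trimmed to the fields used.
LAMBDA_UA = "Boto3/1.34.0 Python/3.12 exec-env/AWS_Lambda_python3.12"
FN = "arn:aws:sts::111122223333:assumed-role/fn-role/resize-images"
ALICE = "arn:aws:iam::111122223333:user/alice"
SAMPLE = [
    ev("2024-05-01T10:00:00Z", "CreateAccessKey", FN, agent=LAMBDA_UA),
    ev("2024-05-01T10:01:00Z", "CreateAccessKey", ALICE),  # made from the CLI: not flagged
    ev("2024-05-01T10:02:00Z", "AuthorizeSecurityGroupIngress", FN, agent=LAMBDA_UA),
    ev("2024-05-01T10:03:00Z", "DeleteBucketEncryption", ALICE),
    ev("2024-05-01T10:04:00Z", "StopLogging", ALICE),
    ev("2024-05-01T10:05:00Z", "ConsoleLogin", ALICE, region="us-east-1"),
    ev("2024-05-01T10:07:00Z", "ConsoleLogin", ALICE, region="ap-southeast-1"),
]
```

Static rules like these flag every match; a baseline of which principals normally make each call is what separates routine administration from the anomalies described above.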
Terms and Conditions
These services are considered Third Party Services, and this purchase is subject to CDW’s Third Party Cloud Services Terms and Conditions, unless you have a written agreement with CDW covering your purchase of products and services, in which case this purchase is subject to such other written agreement.
The third-party Service Provider will provide these services directly to you pursuant to the Service Provider’s standard terms and conditions or such other terms as agreed upon directly between you and the Service Provider. The Service Provider, not CDW, will be responsible to you for delivery and performance of these services. Except as otherwise set forth in the Service Provider’s agreement, these services are non-cancellable, and all fees are non-refundable.