As businesses move critical workloads to the cloud, attackers have shifted their tactics, techniques, and procedures to target cloud-native infrastructure. To keep up, defenders need tooling that automates the analysis of cloud-native telemetry so they can respond to threats effectively and in real time.
In a new research report, Gartner analysts Lawrence Pingree and Mark Wah introduced Cloud Investigation and Response Automation, pointing out that “modern malware and data breaches in cloud environments are often fileless and operate either solely in memory without leaving any trace on disk, or via APIs or integrated SaaS offerings, making it increasingly difficult or impossible to properly investigate with traditional forensic methods and tooling.”
The market needs a new approach to enable investigation and response to these types of threats, and Gem Security was mentioned as a sample provider. To detect and respond to threats in the cloud, as the report notes, organizations must combine information from new data sources, including both cloud service provider APIs and native cloud telemetry. Gem’s platform automates the cloud detection and response process, extending threat coverage beyond traditional security operations tools that grew out of endpoint or workload protection.
A key element of CIRA tools is the ability to consume and analyze many data sources across the three major public clouds (AWS, Azure and GCP) to provide comprehensive coverage. These include cloud-native log sources such as AWS CloudTrail, Azure NSG flow logs and GCP audit logs. Just as important is the ability to ingest these sources cost-effectively: telemetry that is too expensive to retain is telemetry that is not available when an investigation needs it. With a scalable, cloud-native backend, Gem can ingest these cloud data sources and supports flexible retention policies so organizations get the most value out of their security data.
CIRA tooling lets organizations unify the entire investigation and response process, from initial detection through root cause analysis to containment, in a single workflow. As the Gartner report notes, “CIRA providers are focused on unifying the integrated collection, analysis and incident investigation workflows in support of forensically sound IR and data collection.” We believe this is a key differentiator for CIRA and cloud detection and response (CDR) platforms compared with other cloud security tools such as cloud security posture management (CSPM), which surfaces misconfigurations but does not investigate or respond to active threats. The ability to investigate and respond is crucial for security operations teams: a detection with no workflow behind it is not actionable, and teams need automated analysis and suggested next investigation steps to respond to cloud threats effectively.
At Gem, we think Gartner is spot-on in identifying this need in the market. We’re looking forward to seeing how this market evolves!
Gartner, Emerging Tech: Security — Cloud Investigation and Response Automation Offers Transformation Opportunities, 5 June 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.