Instead of relying on correlation analysis of events from remote infrastructure such as cloud, IoT or 5G networks, MIDA starts with control policies for infrastructure (firmware, virtual machine and the digital assets that make up a network).
Each digital asset on the network has an associated digital token which provides the cryptographic integrity and provenance of that asset back to a control policy. Any change in the environment out of policy generates a high-quality alert that can be remediated in real-time - finally closing the loop between policy and infrastructure - what we call cryptographically enforceable policy.
With this approach, real-time breach detection (in seconds) becomes possible when there is a change in infrastructure that is out of policy as well as dynamic attestation of compliance for external auditors.
For business owners, Guardtime MIDA delivers the following benefits:1. DECREASED TIME TO DETECTION
Pinpoint breaches and out of policy state changes in real-time using cryptographically enforceable baselines
2. DECREASED OPERATIONAL COSTS
Decreased storage requirements, automated event detection and alerting.
3. CROSS ORGANIZATIONAL ACCOUNTABILITY
Detect variances to multi-party agreements and SLAs with cryptographic verification.
4. STREAMLINED AUDIT AND COMPLIANCE
Artifacts for event and state detection are portable and easily understandable from legal, audit, and compliance perspectives
5. SEAMLESS AND COMPATIBLE
No need to rip and replace, Events and Insights are easily consumed by current investments.
Guardtime MIDA Approach to Cloud Security
The primary threats reported in today's Cloud environments are misconfiguration, misuse of common credentials, and unauthorized asset creation. Using Guardtime's unique approach to cryptographic policy enforcement, MIDA provides unprecedented insights into the operation of cloud and managed service infrastructures.These new insights and a heightened state of awareness close key gaps for operators and owners of cloud infrastructure and enable:
- Realtime Discovery of Misconfiguration or Malicious Changes
- Decreased Operational Costs for Event Detection and Storage
- Cryptographically Immutable Logs and State Attestation
- Seamlessly Interoperable with leading SIEM Products
- Streamlined and Accountable DevOps Compliance
- Dynamic attestation of Compliance and Audit Functions
- Trusted and Portable Data
- Granular Accountability and Chain of Custody of Events
- Enhanced Durable Data for Analytics
These infrastructure snapshots leverage the KSI Blockchain to gain accountability, immutability and time of creation. The Snapshots contain the various types of state data. Leveraging the KSI Blockchain, these snapshots provide true cryptographic verification, allowing them to become truly portable and durable for cross-organizational distribution, event correlation, analysis, and long term storage.
Using the MIDA Snapshots as inputs to event correlation, analysis, and continuous monitoring, MIDA provides operators, auditors, and owners with real-time detection of configuration changes and security events.
1. Realtime and Provable Cloud Change Detection Events for:
- Serverless Compute
- Firewalls and Router Configurations
- Web Applications
- Instance or Virtual Machine Configurations
- Security Groups and Network Security Configurations
- AMIs and Machine Images
- Storage and File Security Configurations
- Network Interfaces
- VPC and Resource Group Configurations
- Subnets
- Route Tables
- and many more...
- SSH Logins and Brute Force Detection
- RDP and Remote Machine Access
- Machine Processes Additions and Changes
- Application Configuration Change
- Application Additions and Changes
- Performance Spikes and Abnormal Behavior
Problems Guardtime MIDA solves
Problem: In complex environments, the time to detection of a problem can be measured in months or even years.
MIDA Answer: MIDA significantly reduces time to detection by capturing configurable, accurate and concise state information at the source rather than verbose logs.
Problem: Meaningful Events are complex and expensive to pinpoint with traditional mechanisms and require ever-increasing resources.
MIDA Answer: MIDA Snapshots reduce the input to correlate events significantly, decreasing costs for processing and storing events to provide actionable insights and realtime event correlation for alerts.
Problem: The ability to create ad-hoc infrastructure and the nature of Cloud leads to a lack of visibility of Shadow-IT and unauthorized Cloud Assets, creating cost run-overs, operational issues, and security gaps.
MIDA Answer: MIDA produces configurable MIDA Snapshots enabling dynamic cloud asset discovery and real-time awareness of cloud infrastructure
Problem: Organizations have no method of validating if logs have been changed or are authentic
MIDA Answer: MIDA captures the System State Changes in the MIDA Snapshots. These allow each granular State Capture to be containerized and correlated, but forever maintain their original value.
Problem: Cloud and Managed Services architectures require portable and scalable cryptographic proof of event data
MIDA Answer: The KSI Blockchain provides an independent trust anchor enabling cross-boundary and scalable cryptographic proof
Problem: Cloud infrastructures provide elastic scalability for virtual machines leading to complex accountability and awareness for monitoring services.
MIDA Answer: The KSI Blockchain allows each MIDA Agent and Service to be granularly credentialed to enable true accountability and chain of custody of the MIDA Snapshots.