Menlo Park, CA (May 09, 2017) – RedLock officially launched today with a cloud infrastructure security offering designed to overcome challenges faced by every modern enterprise. The RedLock Cloud 360™ platform features technology that enables organizations to accelerate digital business by managing security and compliance risks across their entire public cloud infrastructure, but without impeding DevOps (i.e. collaboration between software developers and IT operations to automate software delivery). With RedLock Cloud 360, security teams gain a single view of existing and potential risks over the entire cloud infrastructure, even across multiple leading public cloud service providers such as Amazon Web Services (AWS). The platform automatically discovers workloads within an environment and enables continuous monitoring, anomaly detection, cloud forensics, adaptive response, and compliance reporting.
The market for public cloud infrastructure is massive—worldwide spending is set to grow from $38 billion last year to $173 billion in 2026. The growth is undeniable because the promise of digital business is so tantalizing: it’s both a growth strategy, delivering new digital products, services and revenues, and a cost-reduction driver, leveraging tools and ecosystems to slash capital and operational resources. The cloud is at the core of this transformation.
“Companies need to be confident that they can gain complete visibility into public infrastructure security to verify security policies, investigate incidents, or ensure full compliance in a cloud environment,” said Varun Badhwar, CEO and co-founder of RedLock. “This is a true business imperative and our singular mission at RedLock: to help customers achieve their cloud infrastructure security goals and serve as the catalyst for digital business advancement.”
Cloud service providers are working with their ecosystems to help address customer security needs.
“AWS allows customers to scale and innovate, while maintaining a secure environment,” said Stephen Schmidt, Vice President, Security Engineering & Chief Information Security Officer at Amazon Web Services. “We are committed to empowering our customers with the right tools to achieve their cloud security objectives, and AWS Partner Network Technology Partners like RedLock play a major role. Our customers want solutions that effectively leverage the security features of AWS to provide holistic visibility into their risk postures, which RedLock provides.”
The RedLock Solution
The RedLock Cloud 360 platform enhances cloud infrastructure security with a series of technological advances designed to take on these challenges. These include:
· Comprehensive visibility: RedLock enables organizations to visualize their entire public cloud environment, across multiple cloud service providers and down to every component within the environment. The platform dynamically discovers workloads and connects the dots between configuration, user activity, network traffic, and threat intelligence data. Security professionals can quickly pinpoint risks.
· Policy monitoring: RedLock enables companies to set guardrails for DevOps, ensuring full productivity without compromises to security. The platform comes with policies that adhere to security best practices such as CIS, PCI, and NIST. In addition, security administrators can create custom policies based on individual needs. RedLock Cloud 360 automatically monitors new and existing workloads for violations to these policies.
· Anomaly Detection: The platform combines a deep understanding of your public cloud infrastructure, correlation with third party data sources, and machine learning to baseline user and network behavior. Any anomalous pattern immediately triggers an alarm so the issue can be addressed as soon as it’s detected.
· Contextual Alerting and Adaptive Response: RedLock Cloud 360 continuously scores every workload based on risky attributes and behavior. The highest rated risks bubble to the top which makes it simple to prioritize response. The platform also provides context on the risk factors associated with a particular workload so that appropriate actions can be taken. RedLock data can also be used with third-party tools to speed responses.
· Cloud Forensics: Thanks to its deep understanding of the cloud environment, the platform cuts the time needed to resolve incidents from weeks or even months to seconds. It enables organizations to go back to any point in time and use its interactive map to easily pinpoint active threats and perform impact analysis. The platform also provides time-serialized activity for any workload to review the history of changes and better understand the root cause of an incident.
· Compliance and Management Reporting: RedLock enables organizations to easily report on risk posture to their management team, board of directors, and auditors. Similar to a credit score, the platform computes risk scores for every workload based on the severity of business risks, violations and anomalies. It then aggregates the risk scores to enable organizations to benchmark and compare risk postures across different departments as well as across the entire environment.
Venture Funding and Stability
RedLock is not entering the market with great technology alone. While having the characteristics of a disruptive startup, the company is also building on the stability that comes from venture capital support, and an early customer base.
The company has already raised $12 million in funding from Sierra Ventures, which has built a 30-year track record of nurturing early-stage ventures into market leaders and successes include security leader Sourcefire (acquired by Cisco for $2.7B); Storm Ventures, which has a 20-year record of 100% focus on early-stage enterprise investments and successes include EchoSign (acquired by Adobe) and Marketo (NASD: MKTO, acquired by Vista); Dell Technologies Capital, which came out of stealth earlier this week highlighting investments in more than 70 early-stage startups and nearly 30 exits, including Arista (NYSE: ANET) and Nutanix (NASDAQ: NTNX); and other high-profile investors.
“Our goal has always been to support innovative startups that can maintain the right balance between innovation and market need, and RedLock clearly meets that high standard,” said Mark Fernandes, Managing Director at Sierra Ventures. “The cloud technology market has seen tremendous excitement and backing over the past few years, but we believe we’re still a long way from realizing its true potential. A holistic cloud-native approach that breaks down silos is crucial for the benefits to be fully realized. We believe RedLock has a major role to play in that transformation, and this has been validated by our CXO Advisory Board of more than 70 Fortune 1000 technology executives.”
While RedLock is only coming out of stealth mode and making its public debut now, the company has been quietly making its presence felt. It already counts market leaders such as Proofpoint as a client, and was named as a finalist for ‘Most Innovative Startup’ at the Innovation Sandbox Competition at RSA 2017.
“Dell Technologies Capital understands the unique challenges and needs of young companies poised to make their mark. We are pleased to be an early investor in RedLock and excited by the transformational work they are doing in cybersecurity,” said Deepak Jeevankumar, Managing Director at Dell Technologies Capital. “As organizations embrace hybrid cloud computing, security and compliance across their public cloud footprint becomes critical. RedLock provides organizations with much needed risk visibility and control across multiple cloud service providers in a single pane of glass. We look forward to using our extensive technical, business and go-to-market capabilities to help RedLock rapidly develop and deploy their innovative solutions.”
Traditional security solutions are often geared towards largely static on-premise environments rather than dynamically changing cloud environments. Many legacy tools rely on defining rigid policies based on fixed IP addresses. However, IP-based policies cannot be applied since cloud workloads are ephemeral and their IP addresses can change dynamically. Moreover, agent or proxy-based solutions need to be deployed inline with traffic which will not work with API-driven services such as Amazon Relational Database Service (Amazon RDS), Amazon Simple Storage Service (Amazon S3), and Elastic Load Balancing. None of this is truly compatible with a cloud environment that is continuously changing.
On a related front, the numerous point solutions implemented in most on-premise environments over time to secure the network create siloed views into configuration data, user activity, network traffic, and threat intelligence data. To get a true picture of risk within an organization’s cloud infrastructure environment, holistic visibility is imperative.
In contrast, RedLock’s Cloud 360 platform provides a comprehensive cloud-native approach. It connects the dots between configurations, user activity, network traffic, and threat intelligence data which makes it easier to accurately assess risk within the public cloud infrastructure environment. The platform’s API-based approach ensures that DevOps is unimpeded and complete visibility across all workloads is achieved. The solution is automated so that the right level of security is applied and adjusted as existing workloads change and new ones are instantiated.
Here’s a different way to understand the need for a dynamic approach. In many organizations, software is now delivered on a weekly (or even daily) basis. RedLock’s own research suggests that the average lifespan of a workload is only 127 minutes, and one customer, a leading cloud provider, creates and destroys 10,000 cloud workloads per day. To keep pace with such dynamic conditions, security teams require tools to implement adequate security and compliance measures.
From Process to Benefit
It is a challenging issue, and the RedLock Cloud 360 platform was designed specifically to tackle these problems. Despite its sophisticated architecture, the platform can be implemented within minutes by connecting to public cloud environments via 50-plus APIs, without impeding DevOps. It ingests massive volumes of raw, siloed data from the environment and produces concise, actionable insights in a five-step process:
· Discovery: RedLock Cloud 360 continuously aggregates configuration, user activity, and network traffic data from disparate cloud APIs. It automatically discovers new workloads as soon as they are created.
· Contextualization: Next, the platform applies machine learning to connect the dots between configuration, user activity, and network traffic data. It learns the role and behavior of each cloud workload to provide context that is necessary for defining appropriate policies.
· Enrichment: The correlated data is further enriched with external data sources such as vulnerability scanners, threat intelligence tools, and SIEMs to produce critical insights.
· Risk Assessment: RedLock Cloud 360 scores each cloud workload for risk score based on severity to the business, policy violations, and anomalous behavior. Risk scores are then aggregated, enabling organizations to benchmark and compare risk postures across different departments as well as across the entire environment.
· Visualization: The entire cloud infrastructure environment is visualized with an interactive dependency map that goes beyond raw data to provide context on security and compliance risks.
Availability and Pricing
The RedLock Cloud 360 platform is generally available. Pricing is subscription-based and depends on the number of workloads deployed within an organization’s public cloud infrastructure environment.
About RedLock (www.redlock.io)
RedLock enables organizations to accelerate digital business by managing security and compliance risks within their public cloud infrastructure without impeding DevOps. We provide security teams with the most comprehensive view of their environment, across multiple public cloud service providers, and down to every component within them. The RedLock Cloud 360™ platform enables automated monitoring, anomaly detection, cloud forensics, adaptive response, and compliance reporting, all to deliver unparalleled true cloud infrastructure security. Global brands across a variety of verticals trust RedLock to secure their public cloud infrastructure. The company is backed by Sierra Ventures, Storm Ventures, Dell Technologies Capital, and other high profile investors. RedLock was a finalist amongst hundreds of startups for the coveted title of Most Innovative Startup at RSA 2017 in San Francisco.