The challenges addressed by a CIEM solution.
Source: Gartner: “Managing Privileged Access in Cloud Infrastructure” June 9, 2020.
ObserveID is designed to be your CIEM control center in a multi-cloud environment. Its built-in cloud connector framework aggregates entitlements from the underlying CSPs of your IaaS and PaaS services, such as AWS, Google Cloud and Azure, into a central repository. It can then execute and enforce pre-configured enterprise policies across all connected CSPs, presenting a unified, cloud-agnostic approach to governance, compliance, operations and risk auditing.
ObserveID’s CIEM capability alleviates an organizational challenge related to consuming this feature from each individual CSP. CSPs such as AWS, Azure and Google today provide event history as audit logs through their native tools: CloudTrail, Azure Activity Log and Stackdriver Logs respectively. Organizations have had to funnel this information into SIEM tools and then perform pattern analysis, investigate events and flag outliers.
Unfortunately, this approach requires organizations to add cloud context to such results, to address the scalability of monitoring immense volumes of cloud data in order to generate trends and look for anomalies, and lastly to take on the responsibility of building a decision-making framework that can alert and remediate when needed.
ObserveID has a built-in, intelligent, policy-driven decision-making engine that can lighten the burden on the cloud SOC team by analyzing this data and answering the cloud-specific governance questions of who, what, where and when. In essence it can label the originating cloud service, geo-tag the data, provide the duration or time period of the changes in question, indicate all the assets or devices involved in the change and, last but not least, present the change outcomes, which may optionally be tied to your ITSM change management tickets.
Alerting and monitoring are an integral part of ObserveID’s CIEM suite. Because the engine can consume a wide variety of inputs (user origination, cloud context, service location, device or asset usage, temporal details of the activity, change details and so on), it can feed them into its intelligence and produce targeted alerts. Administrators can continuously improve the quality of this decision-making by fine-tuning the policies to raise alert fidelity.
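The who/what/where/when labeling and policy-driven flagging described above, shown as an added Python example that is not ObserveID’s code: it reads constructed CloudTrail-style records, reduces each one to principal, action, region, source IP, time, affected assets and outcome, and then applies a handful of assumed enterprise policy rules (privileged IAM actions, attachment of AdministratorAccess, off-hours activity, activity from outside the corporate network, use of an unapproved region). The rule parameters, the sample records and the rule names are assumptions made for illustration only.

```python
import ipaddress
from datetime import datetime, time as dtime, timezone

# Constructed CloudTrail-style records (field names follow the CloudTrail
# record format; principals, IPs, times and account IDs are made up).
SAMPLE_EVENTS = [
    {"eventTime": "2020-06-09T14:12:31Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"userName": "svc-deploy",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2020-06-09T10:05:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "eu-west-1",
     "sourceIPAddress": "203.0.113.44",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/ci-runner/build-7"},
     "requestParameters": {"instanceType": "t3.small"}},
    {"eventTime": "2020-06-10T02:30:49Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "awsRegion": "ap-southeast-2",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "svc-deploy"},
     "requestParameters": {"userName": "svc-deploy"}},
    {"eventTime": "2020-06-10T11:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"bucketName": "finance-exports"},
     "errorCode": "AccessDenied"},
]

# Hypothetical enterprise policy parameters (assumptions, not product settings).
PRIVILEGED_IAM_ACTIONS = {"AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy",
                          "PutRolePolicy", "CreateAccessKey", "UpdateAssumeRolePolicy"}
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
APPROVED_REGIONS = {"us-east-1", "eu-west-1"}
CORPORATE_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
BUSINESS_HOURS_UTC = (dtime(8, 0), dtime(18, 0))
ASSET_KEYS = ("userName", "roleName", "policyArn", "instanceId", "bucketName")


def label_event(ev):
    """Reduce a raw record to the who/what/where/when/outcome context a rule needs."""
    ident = ev.get("userIdentity", {})
    who = ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")
    when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    params = ev.get("requestParameters") or {}
    return {
        "who": who,
        "what": f'{ev["eventSource"]}:{ev["eventName"]}',
        "where": {"region": ev["awsRegion"], "source_ip": ev["sourceIPAddress"]},
        "when": when,
        "assets": [v for k, v in params.items() if k in ASSET_KEYS],
        "outcome": f'failure:{ev["errorCode"]}' if ev.get("errorCode") else "success",
        "raw": ev,
    }


def evaluate(labeled):
    """Apply the policy rules to one labeled event; return (rule, severity) pairs that fired."""
    ev = labeled["raw"]
    params = ev.get("requestParameters") or {}
    findings = []
    if ev["eventName"] in PRIVILEGED_IAM_ACTIONS:
        findings.append(("privileged-iam-change", "medium"))
    if params.get("policyArn") == ADMIN_POLICY_ARN:
        findings.append(("admin-policy-attached", "high"))
    start, end = BUSINESS_HOURS_UTC
    if not (start <= labeled["when"].time() <= end):
        findings.append(("off-hours-activity", "medium"))
    try:
        ip = ipaddress.ip_address(labeled["where"]["source_ip"])
    except ValueError:
        ip = None  # CloudTrail puts a service name here for service-originated calls
    if ip is not None and not any(ip in net for net in CORPORATE_NETWORKS):
        findings.append(("unknown-source-network", "medium"))
    if labeled["where"]["region"] not in APPROVED_REGIONS:
        findings.append(("unapproved-region", "medium"))
    return findings


def triage(events):
    """Label every event, attach the rules that fired and an overall severity."""
    out = []
    for ev in events:
        lab = label_event(ev)
        findings = evaluate(lab)
        severity = "info"
        if any(s == "high" for _, s in findings):
            severity = "high"
        elif findings:
            severity = "medium"
        lab.pop("raw")
        lab["findings"] = [rule for rule, _ in findings]
        lab["severity"] = severity
        out.append(lab)
    return out


if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        print(r["severity"], r["who"], r["what"], r["where"]["region"], r["outcome"], r["findings"])
```

Note that the denied PutBucketPolicy call is labeled with its failure outcome but raises no finding; whether failed privileged attempts should alert is exactly the kind of policy decision an administrator would tune to adjust alert fidelity.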
ObserveID’s provisioning capabilities ensure that the detection efforts outlined above are complemented by the remediation needed to enforce the principle of least privilege: provisioning time-boxed or permanent entitlements to, or revoking entitlements from, your cloud-native systems.