What is Cortex Cloud Data Security?

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-16
Category: Administrator Guide
Abstract: Learn about Cortex Cloud Data Security capabilities and benefits.

Notice

This feature is included with a Cortex XSIAM Premium license. It is also included with any other Cortex XSIAM license that has the Cloud Posture Security or Cloud Runtime Security add-on.

Managing data assets in the cloud requires comprehensive data security capabilities. Cortex Cloud Data Security provides these capabilities to give you complete visibility and real-time control over potential security risks to your data.

The following image shows the Cortex Cloud Data Security dashboard:

[Image: data_security_dashboard_1-2026.png]

Capabilities

As a cloud-native data security solution, Cortex Cloud Data Security utilizes several technologies to discover, contextualize, monitor, and protect your cloud data assets in real time. Cortex Cloud Data Security collects data from a variety of cloud deployments and data servers, both managed (such as buckets, file storage, databases) and self-hosted (such as MongoDB and MySQL running on virtual machines). The Cortex Cloud Data Security platform also discovers data analytic environments (DBaaS) such as Snowflake, offering you a complete data landscape view. By using cloud-native APIs and methods, Cortex Cloud Data Security collects the metadata of the monitored assets and administrative logs such as CloudTrail, activity logs, and audit logs. Using this information, Cortex Cloud Data Security can detect and remediate the following issues or risks:

  • Shadow data: An example of shadow data is database snapshots and backups created by development teams as they make changes to files or move them around the cloud. This type of shadow data is not protected by existing data governance frameworks, and security teams often do not even know it exists, even though it may contain sensitive information.

  • Compliance violations: The flexibility of cloud infrastructure makes it harder for you to stay compliant with security regulations such as HIPAA, GDPR, PCI, and so on, and harder to prove that compliance to auditors. Cortex Cloud Data Security provides your compliance teams with an easy way to classify data under these regulations, ensure it is handled properly, and intervene when a violation is detected.

  • Data exfiltration or theft: Cortex Cloud Data Security enables you to easily detect exposures in the data element layer and limit access to them in a way that prevents cybersecurity attacks and data breaches.

  • Ransomware: The real-time threat detection tools of Cortex Cloud Data Security enable you to stop ransomware attacks early in the kill chain.

  • Data misuse: While typically not malicious, data misuse can lead to unintentional data compromise. Cortex Cloud Data Security can prevent such data misuse by enforcing security policies across multi-cloud architectures, which prevents users and developers from storing files in inappropriate places.

Benefits

Using the data detection and security capabilities of Cortex Cloud Data Security enables you to:

  • Discover and visualize all your data assets across the different cloud services, which helps you understand where the sensitive data is, how it is used, and how it moves across the organization.

  • Reduce the attack surface on your sensitive data by identifying and eliminating the data threat vector early in the kill chain.

  • Reduce costs by detecting unused, duplicated, and stale data, which allows for better data hygiene and operation.

  • Protect all of your data in real time.

  • Combine different technology sets such as DSPM and DDR capabilities to provide the highest level of data protection. See Cortex Cloud Data Security use cases for further elaboration on these capabilities.

  • Create a centralized view of all data exposure issues by applying a single policy across multiple cloud deployments.

  • Reduce cloud costs by identifying orphaned snapshots, shadow backups, and stale assets that contribute to unnecessary storage expenses.