How to monitor, detect, and respond to cloud data risks faster with built-in security controls for cloud events

Wiz for DSPM: Additional enhancements to help you correlate suspicious events related to unprotected data in near real-time.

2 minutes read

Editor’s note: Wiz recently announced the general availability of Wiz for DSPM. Our second blog post talked about why data security should be integrated with CNAPP. 

It takes far too long for organizations to find and respond to data exposure. According to research, unsecured databases can be breached in just 8 hours. Data breaches can result in damage to a company’s brand and potential revenue loss due to customers losing trust, causing them to explore alternative solutions. Organizations need to detect data risks as soon as they occur for faster resolution time. This requires scanning sensitive data in their cloud environment and rapid monitoring and detection to allow security teams to intervene before the damage is done. In this blog post, we are excited to launch new security controls that help you correlate and find interesting cloud events in your environment, before it becomes a costly data breach. 

Since the general availability of Wiz for DSPM, we have added new security controls for suspicious cloud events for unprotected data, providing customers with near real-time monitoring and detection. These capabilities enable dynamic monitoring of cloud environments for faster response times. The new built-in security controls for data security were developed by our threat research team based on information about real-world breaches in which these interesting events lead up to the event. The newly released security controls work out-of-the-box and do not require any configuration. 

For example, you can easily identify data resources with sensitive data that has traffic from an unrecommend IP. Diving a bit deeper into the issue, the attack path visualization on the Wiz Security Graph shows how an attacker would gain access to the critical sensitive data on this Active Directory Federation Services (ADFS4) virtual machine, which contains an employee directory. 

Visualize attack path on the Wiz Security Graph to the sensitive data within an employee directory.

You can easily apply these built-in security controls on your cloud environment to have them trigger issues for your teams to resolve. In this scenario, the next step would be to block this IP address and apply remediation measures such as encryption and access control to prevent unauthorized access to this sensitive data. 

Another useful security control is detecting a virtual machine with sensitive data that was targeted by a SSH brute force attack. As you can see from the attack path visualization, a finance application that contains PII such as email addresses was impacted. In this scenario, Wiz recommends your team ensure that this action was legitimate and apply measures such as encryption, access control and strong passwords to prevent unauthorized access to the sensitive data in this application. 

Visualize attack path on the Wiz Security Graph to the sensitive data on a Finance App.

With the new built-in security controls for Wiz, customers are empowered to correlate suspicious events related to unprotected data in near real-time. Having these shown on the Wiz Security Graph allows you to understand the toxic combinations in your environment, helping you get ahead of sensitive data exposure by monitoring and responding to cloud data risks with integrated data protection. 

Start protecting your cloud data today 

Our goal is to help your organization discover and protect your cloud data. You can learn more by downloading our datasheet or visiting the Wiz docs (login required). If you prefer a live demo, we would love to connect with you. 

Continue reading

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management