Service Overview
The differences in cloud and on-premise infrastructure, network architecture, and security protection mechanisms are significant. Traditional on-premise SOC (SIEM) cannot handle the security monitoring in a cloud environment. Cloud-native tools are required to address the rapid changes and vast amounts of logs in the cloud environment. Cloud SOC security monitoring detects and analyzes cloud logs in the cloud itself, avoiding the transmission costs of logs to an on-premise SOC. Only abnormal events or alerts detected and analyzed are sent to the SOC monitoring center, while also performing security event correlation between cloud and on-premise environments.
Service Features
Cloud SOC security monitoring uses CNAPP as the cloud log processing, analysis, and detection mechanism. With cloud best practices (Cloud Best Practices) and correlated rulesets, it continuously monitors the dynamics of the cloud environment to identify common security risks and issues:
-
MisconfigurationMisconfiguration -
Permission RisksIAM (Identity and Access Management)
-
VulnerabilitiesCVE (Common Vulnerabilities and Exposures) -
Publicly Accessible AssetsPublicly Accessible
-
Anomalous Behavior DetectionAccount Activity
Service Benefits
-
Continuous Protection
Cloud SOC security monitoring provides comprehensive, continuous protection and monitoring from the cloud infrastructure, workloads, to the code level.
-
Integrated Platform
A single SOC service platform that integrates cloud and on-premise security event correlation, satisfying both cloud and on-premise SOC security monitoring.
-
No Cloud Logs Stored On-Premise
Customer cloud logs are not stored on-premise, avoiding transmission costs.
-
Cost Reduction
Minimal changes to the customer's cloud environment, avoiding the need to activate cloud-native SIEM services (self-built SIEM), significantly reducing costs.