MENLO PARK, Calif.--(BUSINESS WIRE)--Please replace the release with the following corrected version of the Ray Espinoza/ProofPoint quote in the ADDENDUM section.
The corrected release reads:
REDLOCK LAUNCHES WITH COMPREHENSIVE CLOUD INFRASTRUCTURE SECURITY OFFERING
RedLock Cloud 360 platform makes major advancement with holistic visibility into public cloud infrastructure environments that helps truly assess and monitor risk
Dynamic startup raises $12 million in funding from Sierra Ventures, Storm Ventures, Dell Technologies Capital, and other blue-chip investors
RedLock officially launched today with a cloud infrastructure security offering designed to overcome challenges faced by every modern enterprise. The RedLock Cloud 360™ platform features technology that enables organizations to accelerate digital business by managing security and compliance risks across their entire public cloud infrastructure, but without impeding DevOps (i.e. collaboration between software developers and IT operations to automate software delivery). With RedLock Cloud 360, security teams gain a single view of existing and potential risks over the entire cloud infrastructure, even across multiple leading public cloud service providers such as Amazon Web Services (AWS). The platform automatically discovers workloads within an environment and enables continuous monitoring, anomaly detection, cloud forensics, adaptive response, and compliance reporting.
The market for public cloud infrastructure is massive—worldwide spending is set to grow from $38 billion last year to $173 billion in 20261. The growth is undeniable because the promise of digital business is so tantalizing: it’s both a growth strategy, delivering new digital products, services and revenues, and a cost-reduction driver, leveraging tools and ecosystems to slash capital and operational resources. The cloud is at the core of this transformation.
“Companies need to be confident that they can gain complete visibility into public infrastructure security to verify security policies, investigate incidents, or ensure full compliance in a cloud environment,” said Varun Badhwar, CEO and co-founder of RedLock. “This is a true business imperative and our singular mission at RedLock: to help customers achieve their cloud infrastructure security goals and serve as the catalyst for digital business advancement.”
Cloud service providers are working with their ecosystems to help address customer security needs.
“AWS allows customers to scale and innovate, while maintaining a secure environment,” said Stephen Schmidt, Vice President, Security Engineering & Chief Information Security Officer at Amazon Web Services. “We are committed to empowering our customers with the right tools to achieve their cloud security objectives, and AWS Partner Network Technology Partners like RedLock play a major role. Our customers want solutions that effectively leverage the security features of AWS to provide holistic visibility into their risk postures, which RedLock provides.”
The RedLock Solution
The RedLock Cloud 360 platform enhances cloud infrastructure security with a series of technological advances designed to take on these challenges. These include:
- Comprehensive visibility: RedLock enables organizations to visualize their entire public cloud environment, across multiple cloud service providers and down to every component within the environment. The platform dynamically discovers workloads and connects the dots between configuration, user activity, network traffic, and threat intelligence data. Security professionals can quickly pinpoint risks.
- Policy monitoring: RedLock enables companies to set guardrails for DevOps, ensuring full productivity without compromises to security. The platform comes with policies that adhere to security best practices such as CIS, PCI, and NIST. In addition, security administrators can create custom policies based on individual needs. RedLock Cloud 360 automatically monitors new and existing workloads for violations to these policies.
- Anomaly Detection: The platform combines a deep understanding of your public cloud infrastructure, correlation with third party data sources, and machine learning to baseline user and network behavior. Any anomalous pattern immediately triggers an alarm so the issue can be addressed as soon as it’s detected.
- Contextual Alerting and Adaptive Response: RedLock Cloud 360 continuously scores every workload based on risky attributes and behavior. The highest rated risks bubble to the top which makes it simple to prioritize response. The platform also provides context on the risk factors associated with a particular workload so that appropriate actions can be taken. RedLock data can also be used with third-party tools to speed responses.
- Cloud Forensics: Thanks to its deep understanding of the cloud environment, the platform cuts the time needed to resolve incidents from weeks or even months to seconds. It enables organizations to go back to any point in time and use its interactive map to easily pinpoint active threats and perform impact analysis. The platform also provides time-serialized activity for any workload to review the history of changes and better understand the root cause of an incident.
- Compliance and Management Reporting: RedLock enables organizations to easily report on risk posture to their management team, board of directors, and auditors. Similar to a credit score, the platform computes risk scores for every workload based on the severity of business risks, violations and anomalies. It then aggregates the risk scores to enable organizations to benchmark and compare risk postures across different departments as well as across the entire environment.
Venture Funding and Stability
RedLock is not entering the market with great technology alone. While having the characteristics of a disruptive startup, the company is also building on the stability that comes from venture capital support, and an early customer base.
The company has already raised $12 million in funding from Sierra Ventures, which has built a 30-year track record of nurturing early-stage ventures into market leaders and successes include security leader Sourcefire (acquired by Cisco for $2.7B); Storm Ventures, which has a 20-year record of 100% focus on early-stage enterprise investments and successes include EchoSign (acquired by Adobe) and Marketo (NASD: MKTO, acquired by Vista); Dell Technologies Capital, which came out of stealth earlier this week highlighting investments in more than 70 early-stage startups and nearly 30 exits, including Arista (NYSE: ANET) and Nutanix (NASDAQ: NTNX); and other high-profile investors.
“Our goal has always been to support innovative startups that can maintain the right balance between innovation and market need, and RedLock clearly meets that high standard,” said Mark Fernandes, Managing Director at Sierra Ventures. “The cloud technology market has seen tremendous excitement and backing over the past few years, but we believe we’re still a long way from realizing its true potential. A holistic cloud-native approach that breaks down silos is crucial for the benefits to be fully realized. We believe RedLock has a major role to play in that transformation, and this has been validated by our CXO Advisory Board of more than 70 Fortune 1000 technology executives.”
While RedLock is only coming out of stealth mode and making its public debut now, the company has been quietly making its presence felt. It already counts market leaders such as Proofpoint as a client, and was named as a finalist for ‘Most Innovative Startup’ at the Innovation Sandbox Competition at RSA 2017.
“Dell Technologies Capital understands the unique challenges and needs of young companies poised to make their mark. We are pleased to be an early investor in RedLock and excited by the transformational work they are doing in cybersecurity,” said Deepak Jeevankumar, Managing Director at Dell Technologies Capital. “As organizations embrace hybrid cloud computing, security and compliance across their public cloud footprint becomes critical. RedLock provides organizations with much needed risk visibility and control across multiple cloud service providers in a single pane of glass. We look forward to using our extensive technical, business and go-to-market capabilities to help RedLock rapidly develop and deploy their innovative solutions.”
Traditional security solutions are often geared towards largely static on-premise environments rather than dynamically changing cloud environments. Many legacy tools rely on defining rigid policies based on fixed IP addresses. However, IP-based policies cannot be applied since cloud workloads are ephemeral and their IP addresses can change dynamically. Moreover, agent or proxy-based solutions need to be deployed inline with traffic which will not work with API-driven services such as Amazon Relational Database Service (Amazon RDS), Amazon Simple Storage Service (Amazon S3), and Elastic Load Balancing. None of this is truly compatible with a cloud environment that is continuously changing.
On a related front, the numerous point solutions implemented in most on-premise environments over time to secure the network create siloed views into configuration data, user activity, network traffic, and threat intelligence data. To get a true picture of risk within an organization’s cloud infrastructure environment, holistic visibility is imperative.
In contrast, RedLock’s Cloud 360 platform provides a comprehensive cloud-native approach. It connects the dots between configurations, user activity, network traffic, and threat intelligence data which makes it easier to accurately assess risk within the public cloud infrastructure environment. The platform’s API-based approach ensures that DevOps is unimpeded and complete visibility across all workloads is achieved. The solution is automated so that the right level of security is applied and adjusted as existing workloads change and new ones are instantiated.
Here’s a different way to understand the need for a dynamic approach. In many organizations, software is now delivered on a weekly (or even daily) basis. RedLock’s own research suggests that the average lifespan of a workload is only 127 minutes, and one customer, a leading cloud provider, creates and destroys 10,000 cloud workloads per day. To keep pace with such dynamic conditions, security teams require tools to implement adequate security and compliance measures.
From Process to Benefit
It is a challenging issue, and the RedLock Cloud 360 platform was designed specifically to tackle these problems. Despite its sophisticated architecture, the platform can be implemented within minutes by connecting to public cloud environments via 50-plus APIs, without impeding DevOps. It ingests massive volumes of raw, siloed data from the environment and produces concise, actionable insights in a five-step process:
- Discovery: RedLock Cloud 360 continuously aggregates configuration, user activity, and network traffic data from disparate cloud APIs. It automatically discovers new workloads as soon as they are created.
- Contextualization: Next, the platform applies machine learning to connect the dots between configuration, user activity, and network traffic data. It learns the role and behavior of each cloud workload to provide context that is necessary for defining appropriate policies.
- Enrichment: The correlated data is further enriched with external data sources such as vulnerability scanners, threat intelligence tools, and SIEMs to produce critical insights.
- Risk Assessment: RedLock Cloud 360 scores each cloud workload for risk score based on severity to the business, policy violations, and anomalous behavior. Risk scores are then aggregated, enabling organizations to benchmark and compare risk postures across different departments as well as across the entire environment.
- Visualization: The entire cloud infrastructure environment is visualized with an interactive dependency map that goes beyond raw data to provide context on security and compliance risks.
Availability and Pricing
The RedLock Cloud 360 platform is generally available. Pricing is subscription-based and depends on the number of workloads deployed within an organization’s public cloud infrastructure environment.
About RedLock (www.redlock.io)
RedLock enables organizations to accelerate digital business by managing security and compliance risks within their public cloud infrastructure without impeding DevOps. We provide security teams with the most comprehensive view of their environment, across multiple public cloud service providers, and down to every component within them. The RedLock Cloud 360™ platform enables automated monitoring, anomaly detection, cloud forensics, adaptive response, and compliance reporting, all to deliver unparalleled true cloud infrastructure security. Global brands across a variety of verticals trust RedLock to secure their public cloud infrastructure. The company is backed by Sierra Ventures, Storm Ventures, Dell Technologies Capital, and other high profile investors. RedLock was a finalist amongst hundreds of startups for the coveted title of Most Innovative Startup at RSA 2017 in San Francisco.
-- ADDENDUM --
REDLOCK LAUNCHES WITH TREMENDOUS INDUSTRY SUPPORT
— Ray Espinoza, former Head of Global Security at Proofpoint
“We were able to deploy RedLock in minutes without disrupting DevOps and immediately gained visibility into risks across our entire AWS footprint in a single view.”
— David Tsao, Global Information Security Officer (CISO) at Veeva Systems
“Our cloud-based business model has been a huge factor in our success. To enable customer success, we take pride in ensuring the highest levels of compliance of our platform with industry regulations. This requires us to continuously audit the public cloud infrastructure that we use to host our applications, and provide rapid feedback to our internal teams. The RedLock Cloud 360 platform provides Veeva with the tools it needs to continuously monitor our environment, quickly identify and respond to issues, and provide improved visibility on its compliance posture.”
— Bala Sathiamurthy, Head of Security at NerdWallet
“To protect our customers’ data, we make it a priority to secure the underlying public cloud infrastructure,” said Bala Sathiamurthy, Head of Security at NerdWallet. “We need to continuously monitor the infrastructure as well as ensure real-time visibility into risks, and RedLock enables us to do just this without impeding our agile development processes.”
— Michael Osterman, President at Osterman Research Inc.
“Organizations are creating and destroying cloud workloads at a quicker pace every day, which is making public cloud infrastructure increasingly difficult to protect. Add to this the fact that many companies don’t have a good handle on security for their cloud environments, and you end up with a scenario ripe for disaster. A new breed of cloud security that can keep up with this rate of change and also get organizations securing their public cloud infrastructure instantly is sorely needed. RedLock is stepping in with an impressive solution that’s purpose-built for dynamic cloud environments that change by the minute. Moreover, its integration with threat intelligence data sources ensures that organizations are protected in real-time against the latest public cloud threats and vulnerabilities.”
— Christian Christiansen, Senior Consultant with Hurwitz & Associates
“There may be no area of technology more hyped and more scrutinized than public cloud computing, and it’s easy to see why. According to RedLock, 'The average cloud workload exist for 127 minutes’ and ‘A leading cloud provider creates and destroys 10,000 workloads per day.' This is an unforeseen and extraordinary rate of change and sharply alters many aspects of DevOps and SecOps. But despite cloud computing's promise of digital transformation, many IT organizations still haven’t internalized the message that public cloud infrastructure is fundamentally different from its on-premise predecessor (e.g., rules, processes and threats). Manual processes and complex decision-making need streamlining. Automation becomes mandatory to find and prioritize risk across an organization's public cloud infrastructure. This enables security teams to focus on the highest rated risks. Overall, RedLock offers the potential to greatly reduce the time it takes to perform cloud discovery, anomaly detection and forensics due to its holistic visibility.”
— Daniel Kirsch, Principal Analyst, Hurwitz & Associates
“We at Hurwitz & Associates have seen many companies adopting multi-cloud and hybrid cloud environments. A Multi-cloud environment gives organizations the flexibility that they need to meet SLA, cost, governance and regulatory requirements. However, many organizations have developed new cloud instances with little oversight from IT security teams. Many enterprise security teams are struggling to find the right balance between giving developers and other teams the freedom to choose the tools and environments they wish while also ensuring security protocols are met. Having each new cloud environment separately managed by a security team is not a process that can scale and will surely result in security gaps. Security organizations are searching for tools and platforms that can help them manage a variety of cloud environments through a single view. RedLock's approach to secure workloads across multiple public cloud providers will help security organizations quickly understand their risk through a single visual environment.”
— Andrew Kellet, Principal Analyst with Ovum
“As organisations continue to embrace public cloud computing, security and compliance strategies must adapt to address the dynamic nature of the cloud. The RedLock approach helps security teams by delivering much needed visibility and control over public cloud infrastructure. It offers the ability to detect anomalies, monitor configurations and activities, investigate incidents, and audit for compliance, enabling security teams to gain a comprehensive view of risk across their environment. DevOps and the rise of the cloud have blurred the lines of accountability over security, and with various lines of business adopting public cloud services, key elements of security have been left under protected. RedLock is looking to provide a level of visibility and control that is currently missing in many public cloud environments.”
— Mike Matchett, Senior Analyst and Consultant with Taneja Group
“Looking at the landscape, it’s amazing how many business processes have improved drastically with a move to public cloud computing, and yet many more simply haven’t been able to keep up. Large technology shifts don’t occur in a vacuum—basic business processes must adapt to those changes for the benefits to be realized, and this still hasn’t been possible for most opportunities because of cloud security concerns.” He continued, “When technology changes come so frequently and so fast, even a small gap can quickly become a chasm. That’s what we’re seeing now between the wider adoption of public cloud infrastructure and the full security that organizations need to maintain. The ability to secure all business applications across multiple public cloud providers is becoming essential, and RedLock is leading the way in helping organizations secure workloads both in the cloud and across clouds. We can recommend that organizations just try it out—RedLock’s ability to immediately help organizations visualize their risk posture across the public cloud environment is something we haven’t seen before.”
— Bob Tarzey, Analyst and Director, Quocirca
“The growing use of public cloud infrastructure has changed the way business processes are supported both within and between organisations. A major benefit is more flexible and dynamic access to IT resources, however, a potential downside is less visibility and reduced security through the frequent changes to applications themselves and the way they are deployed. RedLock helps mitigate these issues by providing a single view of workloads and common controls across the three leading public cloud platforms; AWS, Microsoft Azure and Google.”
— Gaurav Kumar, Co-founder & CTO at RedLock
“We find that the most compelling aspects of the RedLock Cloud 360 platform is the comprehensive visibility that it provides across an organization’s public cloud infrastructure. The platform applies machine learning to automatically discover workloads and connect the dots between configuration, user activity, network traffic, and threat intelligence data. It combines this deep understanding of the cloud infrastructure with patent-pending risk scoring technology to provide a true picture of risk and help organizations prioritize issues. Security teams can quickly respond to incidents with notifications, policy orchestration, and auto-remediation.”
— Robi Papp, Managing Partner at AvantGarde Partners
“RedLock has enormous market potential, enabling organizations to obtain the same level of visibility, security assurance, compliance and auditability in the cloud as in physical data center environments. This addresses a significant problem our clients face today.”
— Jonathan Villa, Practice Lead, Cloud Security at GuidePoint Security
“RedLock’s solution is necessary and timely given the mass migrations we’re seeing to public cloud infrastructure. We can offer our customers peace of mind as they make this journey knowing that we have visibility and control across all risks within their environment.”
Please refer to press release for additional company, customer, partner, and industry analyst quotes.
- end addendum -
RedLock, RedLock logo, and RedLock Cloud 360 are trademarks or registered trademarks of RedLock, Inc. All other names and trademarks are the property of their respective firms.